- Title
- An information security governance model for industrial control systems
- Creator
- Webster, Zynn
- Subject
- Computer networks -- Security measures
- Subject
- Data protection Computer security Business enterprises -- Computer networks -- Security measures
- Date Issued
- 2018
- Date
- 2018
- Type
- Thesis
- Type
- Masters
- Type
- MIT
- Identifier
- http://hdl.handle.net/10948/36383
- Identifier
- vital:33934
- Description
- Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and running proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS are more and more resembling conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are known to be vulnerable and that they require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research was focussed to identify which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls. By doing an investigation on existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model which organizations can use as a basis for generating a security framework, used not only to secure their enterprise IT systems, but also including the security of their ICS.
- Format
- iv, 223 leaves
- Format
- Publisher
- Nelson Mandela University
- Publisher
- Faculty of Faculty of Engineering, the Built Environment and Information Technology
- Language
- English
- Rights
- Nelson Mandela University
- Hits: 1250
- Visitors: 1341
- Downloads: 176
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | SOURCE1 | Zynn Webster MTECH An Information Security Governance Model for Industrial Control Systems.pdf | 4 MB | Adobe Acrobat PDF | View Details Download |