Transportation Security | Physical Security | Penetration Testing | Firewall Pro | Network Security | S.C.A.D.A. | H.I.P.A.A. | eBanking | Kids' Password | |
The Security of Supervisory Control and Data Acquisition Systems(S.C.A.D.A.) and Distributed Control Systems (D.C.S) are of outmost importance. The fact that the SCADA networks are private provides a great deal of security. Hackers simply cannot access the network from any off-site location. Keeping SCADA computers "disconnected" from the outside world, including the Internet, isolates the system from an awful lot of risks. The problem is that there are too many benefits in connecting to the outside world. Numerous information services are available via the Internet. Equipment suppliers can perform maintenance via the Internet. You can make operations information available anywhere in the world. If you want your system "connected", prudent use of firewalls and cyber security measures is mandatory.
Cyber attacks on energy production and distribution systems including
electric, oil, and gas, water treatment and distribution systems as well as on
chemical plants containing potentially hazardous substances could endanger
public health and safety as well as invoke serious damage to the environment. The Common Criteria for Information Technology Security Evaluation, also known as ISO/IEC 15408 is being used for evaluation of the security of Distributed Control Systems (D.C.S) and Supervisory Control and Data Acquisition Systems(S.C.A.D.A.). InfoSecPro.com can help construct an action plan for an information security program to put the organization on a trajectory for effective SCADA asset protection and regulatory compliance. Typically the security of the SCADA or DCS environment depends significantly from the blending of the SCADA environment and the greater corporate network. The following questions should be considered:
- Do operators need Internet access? How is that provided? The security assessment will include:
* Information Criticality Matrix, based on the mission statement and policy
InfoSecPro will validate your network against the corporate security policy and known Internet attacks. Risk analysis will be performed using the industry standard risk profile matrix. The Security Analysis Report will document any exploits found. The Security Analysis Report will suggest possible security solutions to alleviate the vulnerabilities. ISO 17799, the Code of Practice for Information Security Management, is a standard which describes a management framework within which an organization can examine and improve its security posture. Our services provide solutions for Network Security by:
Some of potential vulnerabilities and suggested countermeasures are included in the following Security Checklist. R E S O U R C E S : Department of Defense Trusted Computer System Evaluation Criteria Department of Defense Information Technology Security Certification and Accreditation Process Office of Management and Budget - CIRCULAR NO. A-130 Security Guidelines by American Petroleum Institute Risk Management Guide for Information Technology Systems
Copyright © 2007 InfoSecPro.com™ |