Computer security for nuclear security : implementation guide.

Bibliographic Details
Classification: Electronic Book
Corporate Author: International Atomic Energy Agency
Format: Electronic eBook
Language: English
Published: Vienna : International Atomic Energy Agency, 2021.
Series: IAEA nuclear security series ; no. 42-6.
Subjects:
Online access: Full text
Table of Contents:
  • Intro
  • 1. INTRODUCTION
  • Background
  • Objective
  • Scope
  • Structure
  • 2. CONCEPTS AND CONTEXT
  • Key terminology
  • Identification of sensitive digital assets
  • Cyber-attack
  • Computer security across nuclear security
  • Nuclear material and nuclear facilities
  • Radioactive material and associated facilities
  • Nuclear and other radioactive material out of regulatory control
  • Threats, vulnerabilities and computer security measures
  • Threats
  • Vulnerabilities
  • A graded approach and defence in depth for computer security
  • Computer security responsibilities within a nuclear security regime
  • Computer security competences and capabilities
  • 3. ROLES AND RESPONSIBILITIES OF THE STATE
  • Legislative and regulatory considerations
  • Competent authority for computer security in the nuclear security regime
  • Interfaces with other domains
  • Nuclear safety
  • Physical protection
  • Information technology and operational technology functions
  • Intelligence organizations
  • Response organizations
  • International assistance and cooperation (including information exchange)
  • 4. ROLES AND RESPONSIBILITIES OF COMPETENT AUTHORITIES AND OPERATORS
  • Working with vendors, contractors and suppliers
  • Competent authority for computer security
  • Prescriptive approach
  • Performance based approach
  • Combined approach
  • Regulatory body
  • 5. ESTABLISHING THE COMPUTER SECURITY STRATEGY
  • Computer security strategy for the nuclear security regime
  • Assessment of cyberthreat to the nuclear security regime
  • Assigning a competent authority for cyberthreat assessment
  • Assessment of the impact arising from mal-operation of SDAs
  • Risk assessment method to determine computer security measures
  • 6. IMPLEMENTING THE COMPUTER SECURITY STRATEGY
  • Assignment of computer security responsibilities
  • Relationships between competent authorities and operators
  • Computer security competences and capabilities
  • Responding to computer security incidents
  • Exercises
  • Assurance activities
  • Security qualification of parts and services
  • International cooperation and assistance
  • 7. DEVELOPING A COMPUTER SECURITY PROGRAMME
  • Contents of a computer security programme
  • Organizational level risk assessment
  • Computer security measures
  • A graded approach for determining computer security measures
  • Design of computer security measures
  • Defence in depth for computer security measures
  • Management of vendors, contractors and suppliers
  • 8. SUSTAINING COMPUTER SECURITY
  • Security culture
  • Training
  • Contingency plans and response
  • Computer security assurance activities
  • Appendix NUCLEAR SAFETY INTERFACE CONSIDERATIONS FOR COMPUTER SECURITY AT FACILITIES
  • REFERENCES
  • Annex I SUGGESTED RECOMMENDATIONS LEVEL GUIDANCE ON COMPUTER SECURITY FOR A NATIONAL NUCLEAR SECURITY REGIME