Computer security for nuclear security : implementation guide.
Classification: | Electronic Book |
---|---|
Corporate Author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Vienna : International Atomic Energy Agency, 2021. |
Series: | IAEA nuclear security series ; no. 42-6. |
Subjects: | |
Online Access: | Full text |
Table of Contents:
- Intro
- 1. INTRODUCTION
- Background
- Objective
- Scope
- Structure
- 2. CONCEPTS AND CONTEXT
- Key terminology
- Identification of sensitive digital assets
- Cyber-attack
- Computer security across nuclear security
- Nuclear material and nuclear facilities
- Radioactive material and associated facilities
- Nuclear and other radioactive material out of regulatory control
- Threats, vulnerabilities and computer security measures
- Threats
- Vulnerabilities
- A graded approach and defence in depth for computer security
- Computer security responsibilities within a nuclear security regime
- Computer security competences and capabilities
- 3. ROLES AND RESPONSIBILITIES OF THE STATE
- Legislative and regulatory considerations
- Competent authority for computer security in the nuclear security regime
- Interfaces with other domains
- Nuclear safety
- Physical protection
- Information technology and operational technology functions
- Intelligence organizations
- Response organizations
- International assistance and cooperation (including information exchange)
- 4. ROLES AND RESPONSIBILITIES OF COMPETENT AUTHORITIES AND OPERATORS
- Working with vendors, contractors and suppliers
- Competent authority for computer security
- Prescriptive approach
- Performance based approach
- Combined approach
- Regulatory body
- 5. ESTABLISHING THE COMPUTER SECURITY STRATEGY
- Computer security strategy for the nuclear security regime
- Assessment of cyberthreat to the nuclear security regime
- Assigning a competent authority for cyberthreat assessment
- Assessment of the impact arising from mal-operation of SDAs
- Risk assessment method to determine computer security measures
- 6. IMPLEMENTING THE COMPUTER SECURITY STRATEGY
- Assignment of computer security responsibilities
- Relationships between competent authorities and operators
- Computer security competences and capabilities
- Responding to computer security incidents
- Exercises
- Assurance activities
- Security qualification of parts and services
- International cooperation and assistance
- 7. DEVELOPING A COMPUTER SECURITY PROGRAMME
- Contents of a computer security programme
- Organizational level risk assessment
- Computer security measures
- A graded approach for determining computer security measures
- Design of computer security measures
- Defence in depth for computer security measures
- Management of vendors, contractors and suppliers
- 8. SUSTAINING COMPUTER SECURITY
- Security culture
- Training
- Contingency plans and response
- Computer security assurance activities
- Appendix NUCLEAR SAFETY INTERFACE CONSIDERATIONS FOR COMPUTER SECURITY AT FACILITIES
- REFERENCES
- Annex I SUGGESTED RECOMMENDATIONS LEVEL GUIDANCE ON COMPUTER SECURITY FOR A NATIONAL NUCLEAR SECURITY REGIME