Computer security techniques for nuclear facilities : technical guidance.

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor Corporativo: International Atomic Energy Agency
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Vienna : International Atomic Energy Agency, 2021.
Colección:IAEA nuclear security series ; no. 17-T (Rev. 1)
Temas:
Nuclear facilities > Security measures.
Computer networks > Security measures.
Computer security.
Installations nucléaires > Sécurité > Mesures.
Réseaux d'ordinateurs > Sécurité > Mesures.
Sécurité informatique.
Computer networks > Security measures
Computer security
Nuclear facilities > Security measures
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Intro
  • 1. INTRODUCTION
  • Background
  • Objective
  • Scope
  • Structure
  • 2. Basic Concepts and Relationships
  • Nuclear security and computer security
  • Facility functions, computer security levels and computer security zones
  • Computer security risk management
  • Competing demands of simplicity, efficiency and computer security
  • Conceptual nuclear facility zone model
  • Computer security measures
  • Computer based systems and digital assets (including SDAs)
  • Cyber-attack
  • Interface with safety
  • 3. General Considerations for Computer Security
  • Identification of facility functions
  • Protection of sensitive information and digital assets
  • Risk informed approach
  • Risk assessment and management
  • Computer security levels based on a graded approach
  • 4. Facility Computer Security Risk Management
  • Objective of facility computer security risk management
  • Outline of facility computer security risk management
  • Inputs to facility computer security risk management
  • Phases of facility computer security risk management
  • Scope definition
  • Facility characterization
  • Identification of facility functions
  • Intrinsic significance of facility functions
  • Potential effects of compromise of a system on facility function
  • Interdependencies between facility functions
  • Necessary timeliness and accuracy for facility function interdependencies
  • Target identification
  • Documentation of facility functions
  • Threat characterization
  • Sources of threat information
  • Facility specific threat characterization
  • Additional considerations for insider threats
  • Specification of computer security requirements
  • Computer security policy and computer security programme
  • Assignment of systems performing facility functions to computer security levels
  • Defensive computer security architecture specification
  • Requirements in the DCSA specification to apply a graded approach
  • Requirements in the DCSA specification to apply defence in depth
  • Trust model
  • Relationship with system computer security risk management
  • performed for each system
  • Assurance activities
  • Evaluation
  • Verification
  • Validation
  • Scenario identification and development
  • Facility computer security risk management output
  • 5. System Computer Security Risk Management
  • General considerations
  • Overview
  • System computer security risk management process
  • Overall defensive computer security architecture requirements for computer security
  • Definition of system boundaries
  • Definition and construction of computer security zones
  • Identification of digital assets
  • System computer security architecture, including digital asset analysis
  • Verification of the system computer security risk assessment
  • System computer security risk management report

Ejemplares similares