Assessment of Enterprise Information Security in Electric Utilities: The Importance of Prioritization
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem. ORCID iD: 0000-0002-3293-1681
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
2006 (English). In: Proceedings CIGRE Session 2006, 2006. Conference paper, Published paper (Peer-reviewed)
Abstract [en]

In today’s large electric utilities, the enterprise system is highly complex. Technically, they possess several hundreds of extensively interconnected and heterogeneous IT systems performing tasks that vary from Enterprise Resource Planning (ERP) to real-time control and monitoring of the processes, such as Distributed Control System (DCS) and Supervisory Control and Data Acquisition System (SCADA). Organizationally, the enterprise system embraces business processes and business units using, as well as maintaining and acquiring, the IT systems. Information and systems are to a large extent becoming integrated in industry operations since communication and sharing of information are becoming more efficient and faster than before. However, the networking and interconnection of systems can increase the enterprise exposure to information security risks. The significance of information security has been continuously increasing in the management of organizations and in ensuring their operating ability as well as in maintaining disturbance-free and efficient operations. Thus, enterprise information security has become an increasingly important system quality. Assessing a sufficient level of information security is a necessary prerequisite for the continuance and credibility of operations. But assessing the level of information security in an enterprise is a serious challenge for many organizations, since the area still lacks sufficient support for decision-making on a top-management level. One problem with such assessments is that there are various views on what, exactly, should be measured. There are different opinions on what the constituent parts of enterprise information security are and what these parts’ relative importance is. Addressing that problem, this paper presents an operational definition and prioritization of the field of enterprise information security. First, the paper proposes a framework for capturing the semantic essence of enterprise information security. Then, the relative weights of the framework’s subdomains are quantified. Two methods for prioritization are used to obtain the weights. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. As prioritization sources, the ISO/IEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. To demonstrate the practical consequences, the effects of varying prioritizations on the enterprise information security assessment results in a European energy company are presented.

Place, publisher, year, edition, pages
2006.
Series
IR-EE-ICS ; 2006:006
Keywords [en]
Enterprise, Information, Security, Assessment, Prioritization
Identifiers
URN: urn:nbn:se:kth:diva-80068; Scopus ID: 2-s2.0-84876750611; OAI: oai:DiVA.org:kth-80068; DiVA, id: diva2:495941
Conference
CIGRE Session 2006, Paris, France, 27th August – 1st September 2006
Note

QC 20141103

Available from: 2012-02-09. Created: 2012-02-09. Last updated: 2014-11-03. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

By author/editor
Johansson, Erik; Johnson, Pontus; Cegrell, Torsten