To main content

Information security incident management: Planning for failure

Abstract

This paper reports on an interview study on information security incident management that has been conducted in organizations operating industrial control systems that are highly dependent on conventional IT systems. Six distribution service operators from the power industry have participated in the study. We have investigated current practice regarding planning and preparation activities for incident management, and identified similarities and differences between the two traditions of conventional IT systems and industrial control systems. The findings show that there are differences between the IT and ICS disciplines in how they perceive an information security incident and how they plan and prepare for responding to such. The completeness of documented plans and procedures for incident management varies. Where documentation exists, this is in general not well-established throughout the organization. Training exercises with specific focus on information security are rarely performed. There is a need to create amore unified approach to information security incident management in order for the power industry to be sufficiently prepared to meet the challenges posed by Smart Grids in the near future.

Category

Academic chapter/article/Conference paper

Language

English

Affiliation

  • Norwegian University of Science and Technology
  • SINTEF Digital / Software Engineering, Safety and Security

Year

2014

Publisher

IEEE

Book

8th International Conference on IT Security Incident Management and IT Forensics (IMF 2014), May 12-14, 2014, Münster, Germany

ISBN

978-1-4799-4330-2

Page(s)

47 - 61

View this publication at Cristin