Security of remote access
Assign topic to the user
Answer: I assume you are referring to security practices from IT applicable to SCADA (Supervisory Control and Data Acquisition). Information Technology (IT) and Industrial Control System (ICS), which embraces SCADA, have different business requirements, implementation architectures, and security goals, which makes direct application of security solutions from IT to SCADA unpractical. But in terms of concepts and high level approaches, they are highly compatible (you can also consider for SCADA security approaches like harden the perimeter, defense in depth and securing remote access). Considering ISO standards, ISO 27002 may help with some approaches (for remote access you have control 6.2.2 - Teleworking, and 13.1.2 - Security of network services), but ISO 27019:2013, wh ich provides guiding principles based on ISO/IEC 27002 for information security management applied to process control systems used in the energy utility industry, can provide more related information regarding Industrial Control Systems in general.
Unfortunately, we do not have some specific materials for remote access, but perhaps these materials can help you:
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
Comment as guest or Sign in
Mar 07, 2017