| Description |
140 pages ; 30 cm |
| Contents |
Contents note continued: 3.6.How should building systems and data be protected? -- 4.Next steps -- Glossary -- Appendix A Understanding cyber security -- A.1.Introduction -- A.2.Understanding vulnerabilities, risks and threats -- A.3.Cyber-security attributes -- A.4.Cyber-security context -- A.5.Potential threat agents -- A.5.1.Types of threat agent -- A.5.2.Potential hostile threat agent groups -- A.6.Enterprise and industrial control systems architecture -- A.7.Standards, guidance and good practice -- Appendix B Developing a cyber-security strategy -- B.1.Overall development process -- B.2.Understanding the context -- B.3.Cyber-security risk analysis and evaluation -- B.4.Managing and mitigating cyber-security risks -- Appendix C Developing a cyber-security policy for a building -- C.1.Relationship of cyber-security policies, processes and procedures -- C.1.1.Cyber-security policy -- C.1.2.Cyber-security processes -- C.1.3.Cyber-security procedures -- |
|
Contents note continued: C.2.Cyber-security policy objectives and scope -- C.3.Legislation and building systems -- C.4.Cyber-security leadership -- Appendix D Managing ̀process and procedure' aspects -- D.1.Cyber-security risk management -- D.1.1.Identification and analysis of system and systemic risks -- D.1.2.Identification and analysis of dynamic and emergent risks -- D.2.Cyber security in the supply chain -- D.3.System operations -- D.3.1.Systems and infrastructure documentation -- D.3.2.Building and systems maintenance -- D.4.Incident response, investigation and management -- Appendix E Configuration control -- E.1.Change management for processes, systems and infrastructure -- E.2.Implementation of physical security measures -- E.3.Maintenance of an inventory of hardware and devices -- E.4.Maintenance of an inventory of software -- E.5.Implementation of secure configurations for hardware and software -- E.6.Secure configurations for communications and network devices -- |
|
Contents note continued: E.7.Application of wireless device control -- E.8.Limitation and control of network ports, protocols, and services -- E.9.Control of the use of administrative privileges -- Appendix F Managing ̀people' aspects -- F.1.Appointments, roles and responsibilities -- F.1.1.The insider risk -- F.1.2.Factors contributing to insider attacks -- F.1.3.Managing personnel security -- F.2.Managing consultants, contractors and agency staff -- F.3.Awareness, training and education -- F.3.1.Cyber-security awareness -- F.3.2.Cyber-security training -- F.3.3.Cyber-security education -- F.4.Audits -- Appendix G Managing technical aspects -- G.1.Operational security -- G.2.Physical security of building systems -- G.3.Communications security, EMC and jamming -- G.3.1.Communications security (COMSEC) -- G.3.2.Electromagnetic compatibility (EMC) -- G.3.3.Jamming -- G.4.Systems architecture and interconnections -- G.4.1.Network and communications architecture -- G.4.2.Firewalls -- |
|
Contents note continued: G.4.3.Remote access -- G.4.4.Anti-malware software -- G.4.5.E-mail and internet access -- G.4.6.System hardening -- G.4.7.Backups and recovery -- G.4.8.Systems monitoring -- G.4.9.Wireless networking and communications -- G.4.10.Security and maintenance patching -- G.4.11.Device connection and disconnection procedures -- G.4.12.Managing change -- G.5.Resilience -- Appendix H Trustworthy software -- H.1.What is ̀software trustworthiness'? -- H.2.Trustworthiness Levels -- H.3.Trustworthy Software Framework (TSF) -- H.3.1.TSF concepts -- H.3.2.TSF principles -- H.4.Applying the Trustworthy Software Framework -- H.4.1.Governance -- H.4.2.Risk -- H.4.3.Controls -- H.4.3.1.Personnel -- H.4.3.2.Physical -- H.4.3.3.Procedural -- H.4.3.4.Technical -- H.4.4.Compliance -- H.5.Application of TSF principles across systems lifecycle -- Appendix I Bibliography -- I.1.General IT security standards -- I.2.Security and safety of Industrial Control Systems (ICS & SCADA) -- |
|
Contents note continued: I.3.Business-related security guidance -- I.4.Other standards and guidance -- Appendix J Factors to consider in assessing system context |
|
Machine generated contents note: 1.Introduction -- 1.1.Aim and objectives -- 1.2.Who should use this Code of Practice? -- 1.3.Applicability -- 1.4.Relationship with the building lifecycle -- 1.5.Document structure -- 2.Overview -- 2.1.The building lifecycle -- 2.2.What is cyber security? -- 2.3.Cyber-security needs by building lifecycle phase -- 2.3.1.Commission or acquire--Phase A -- 2.3.2.Strategy and business case -- Phase B -- 2.3.3.Design or redesign -- Phase C -- 2.3.4.Build or change--Phase D -- 2.3.5.Use, operate, maintain -- Phase E -- 2.3.6.Decommission or dispose -- Phase F -- 2.4.Stakeholder roles and cyber security -- 3.Applying cyber security through the lifecycle of a building -- 3.1.Introduction -- 3.2.Who is responsible for the cyber security of building systems and data? -- 3.3.What building systems and data need to be protected? -- 3.4.What could adversely affect the building systems and data? -- 3.5.Where are the building systems and data located? -- |
| Notes |
Includes index |
|
Also issued online |
| Subject |
Buildings -- Communication systems -- Security measures.
|
|
Computer networks -- Security measures.
|
|
Computer security.
|
|
Internet -- Security measures.
|
| Author |
Institution of Engineering and Technology, issuing body
|
| LC no. |
2015430395 |
| ISBN |
1849198918 |
|
9781849198912 |
|
