LEADER 06335nam 22004933 450 001 9910962914503321 005 20240102112648.0 010 $a9789201237200 010 $a9201237200 035 $a(MiAaPQ)EBC6985992 035 $a(Au-PeEL)EBL6985992 035 $a(CKB)22321072600041 035 $a(OCoLC)1323254266 035 $a(Perlego)3509552 035 $a(EXLCZ)9922321072600041 100 $a20220516d2021 uy 0 101 0 $aeng 135 $aurcnu|||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 10$aComputer Security Techniques for Nuclear Facilities $eTechnical Guidance 205 $a1st ed. 210 1$aHavertown :$cInternational Atomic Energy Agency,$d2021. 210 4$d©2021. 215 $a1 online resource (132 pages) 225 1 $aIAEA Nuclear Security ;$vv.17-T (Rev. 1) 327 $aIntro -- 1. INTRODUCTION -- Background -- Objective -- Scope -- Structure -- 2. Basic Concepts and Relationships -- Nuclear security and computer security -- Facility functions, computer security levels and computer security zones -- Computer security risk management -- Competing demands of simplicity, efficiency and computer security -- Conceptual nuclear facility zone model -- Computer security measures -- Computer based systems and digital assets (including SDAs) -- Cyber-attack -- Interface with safety -- 3. General Considerations for Computer Security -- Identification of facility functions -- Protection of sensitive information and digital assets -- Risk informed approach -- Risk assessment and management -- Computer security levels based on a graded approach -- 4. 
Facility Computer Security Risk Management -- Objective of facility computer security risk management -- Outline of facility computer security risk management -- Inputs to facility computer security risk management -- Phases of facility computer security risk management -- Scope definition -- Facility characterization -- Identification of facility functions -- Intrinsic significance of facility functions -- Potential effects of compromise of a system on facility function -- Interdependencies between facility functions -- Necessary timeliness and accuracy for facility function interdependencies -- Target identification -- Documentation of facility functions -- Threat characterization -- Sources of threat information -- Facility specific threat characterization -- Additional considerations for insider threats -- Specification of computer security requirements -- Computer security policy and computer security programme -- Assignment of systems performing facility functions to computer security levels -- Defensive computer security architecture specification. 327 $aRequirements in the DCSA specification to apply a graded approach -- Requirements in the DCSA specification to apply defence in depth -- Trust model -- Relationship with system computer security risk management - performed for each system -- Assurance activities -- Evaluation -- Verification -- Validation -- Scenario identification and development -- Facility computer security risk management output -- 5. 
System Computer Security Risk Management -- General considerations -- Overview -- System computer security risk management process -- Overall defensive computer security architecture requirements for computer security -- Definition of system boundaries -- Definition and construction of computer security zones -- Identification of digital assets -- System computer security architecture, including digital asset analysis -- Verification of the system computer security risk assessment -- System computer security risk management report -- 6. Facility and System Computer Security Risk Management Considerations During Specific Stages in the Lifetime of a Facility -- Planning -- Siting -- Design -- Construction -- Commissioning -- Operations -- Maintenance -- Cessation of operations -- Decommissioning -- 7. Elements of the computer security programme -- Computer security requirements -- Computer security policy -- Computer security programme -- Elements of the computer security programme -- Organizational roles and responsibilities -- Management system -- Computer security indicators -- Security design and management -- Computer security requirements -- Digital asset management -- Configuration management -- Security procedures -- Personnel management -- 8. Example defensive computer security architecture and computer security measures -- Example implementation of defensive computer security architecture -- Decoupling computer security zones. 
327 $aExternal connectivity -- Example requirements -- Unassigned digital assets -- Generic requirements -- Security level 1 requirements -- Security level 2 requirements -- Security level 3 requirements -- Security level 4 requirements -- Security level 5 requirements -- Appendix SELECTED ELEMENTS OF A COMPUTER SECURITY PROGRAMME -- REFERENCES -- Annex I POTENTIAL ATTACK SCENARIOS AGAINST SYSTEMS IN NUCLEAR FACILITIES -- Annex II EXAMPLE OF COMPUTER SECURITY LEVEL ASSIGNMENT FOR A NUCLEAR POWER PLANT -- Annex III EXAMPLE OF APPLICATION OF COMPUTER SECURITY LEVELS AND ZONES -- GLOSSARY. 330 8 $aThis revision provides guidance on how to establish or improve, develop, implement, maintain, and sustain computer security within nuclear facilities. This publication addresses the use of risk informed approaches to establish and enhance computer security policies and programmes; it describes the integration of computer security into the management system of a facility; establishes a systematic approach to identifying facility functions and appropriate computer security measures that protect sensitive digital assets and the facility from the consequence of cyber-attacks consistent with the threat assessment or design basis threat. 410 0$aIAEA Nuclear Security 606 $aComputer networks--Security measures 606 $aComputer security 615 0$aComputer networks--Security measures. 615 0$aComputer security. 700 $aIAEA$01594159 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910962914503321 996 $aComputer Security Techniques for Nuclear Facilities$94359849 997 $aUNINA