Computer Security at Nuclear Facilities
TOC
1. INTRODUCTION
PART I. MANAGEMENT GUIDE
2. REGULATORY AND MANAGEMENT CONSIDERATIONS
2.1. Legislative considerations
2.2. Regulatory considerations
2.3. Site security framework
2.3.1. Computer security policy
2.3.2. Computer systems at nuclear facilities
2.3.3. Defence in depth
2.4. Assessing the threat environment
3. MANAGEMENT SYSTEMS
4. ORGANIZATIONAL ISSUES
4.1. Authorities and responsibilities
4.1.1. Management
4.1.2. Computer Security Officer
4.1.3. Computer security team
4.1.4. Other management responsibilities
4.1.5. Individual responsibilities
4.2. Computer security culture
4.2.1. Computer security training programme
PART II. IMPLEMENTATION GUIDE
5. IMPLEMENTING COMPUTER SECURITY
5.1. Computer security plan and policy
5.1.1. Computer security policy
5.1.2. Computer security plan
5.1.3. CSP components
5.2. Interaction with other domains of security
5.2.1. Physical security
5.2.2. Personnel security
5.3. Asset analysis and management
5.4. Computer system classification
5.4.1. Safety importance
5.4.2. Security or security related systems
5.5. Graded approach to computer security
5.5.1. Security levels
5.5.2. Zones
5.5.3. Example of the application of a security level model
5.5.4. Decoupling zones
6. THREATS, VULNERABILITIES AND RISK MANAGEMENT
6.1. Basic concepts and relationships
6.2. Risk assessment and management
6.3. Threat identification and characterization
6.3.1. Design basis threat
6.3.2. Attacker profiles
6.3.3. Attack scenarios
6.4. Simplified outcomes of risk assessment
7. SPECIAL CONSIDERATIONS FOR NUCLEAR FACILITIES
7.1. Facility lifetime phases and modes of operation
7.2. Differences between IT systems and industrial control systems
7.3. Demand for additional connectivity and related consequences
7.4. Considerations on software updates
7.5. Secure design and specifications for computer systems
7.6. Third party/vendor access control procedure