Computer Security for Nuclear Security  
Implementing Guide
Published by International Atomic Energy Agency
Publication Date:  Available in all formats
ISBN: 9789201213204

Description
This publication provides detailed guidance on developing, implementing, and integrating computer security as a key component of nuclear security. This guidance applies to computer security aspects of nuclear security and its interfaces with nuclear safety and with other elements of a State’s nuclear security regime, including the security of nuclear material and nuclear facilities, of radioactive material and associated facilities, and of nuclear and other radioactive material outside of regulatory control. The scope of this publication includes: computer-based systems, the compromise of which could adversely affect nuclear security or nuclear safety; the State’s and relevant entities’ roles and responsibilities in relation to computer security in the nuclear security regime; the activities of the State in establishing and implementing a computer security strategy for nuclear security; the elements and measures for subordinate computer security programmes; and the activities to sustain the strategy.
Table of contents
  • 1. INTRODUCTION
    • Background
    • Objective
    • Scope
    • Structure
  • 2. CONCEPTS AND CONTEXT
    • Key terminology
    • Identification of sensitive digital assets
    • Cyber-attack
    • Computer security across nuclear security
      • Nuclear material and nuclear facilities
      • Radioactive material and associated facilities
      • Nuclear and other radioactive material out of regulatory control
    • Threats, vulnerabilities and computer security measures
      • Threats
      • Vulnerabilities
      • A graded approach and defence in depth for computer security
      • Computer security responsibilities within a nuclear security regime
    • Computer security competences and capabilities
  • 3. ROLES AND RESPONSIBILITIES OF THE STATE
    • Legislative and regulatory considerations
    • Competent authority for computer security in the nuclear security regime
    • Interfaces with other domains
      • Nuclear safety
      • Physical protection
      • Information technology and operational technology functions
      • Intelligence organizations
      • Response organizations
      • International assistance and cooperation (including information exchange)
  • 4. ROLES AND RESPONSIBILITIES OF COMPETENT AUTHORITIES AND OPERATORS
    • Working with vendors, contractors and suppliers
    • Competent authority for computer security
      • Prescriptive approach
      • Performance based approach
      • Combined approach
    • Regulatory body
  • 5. ESTABLISHING THE COMPUTER SECURITY STRATEGY
    • Computer security strategy for the nuclear security regime
    • Assessment of cyberthreat to the nuclear security regime
    • Assigning a competent authority for cyberthreat assessment
    • Assessment of the impact arising from mal-operation of SDAs
    • Risk assessment method to determine computer security measures
  • 6. IMPLEMENTING THE COMPUTER SECURITY STRATEGY
    • Assignment of computer security responsibilities
    • Relationships between competent authorities and operators
    • Computer security competences and capabilities
    • Responding to computer security incidents
    • Exercises
    • Assurance activities
      • Security qualification of parts and services
    • International cooperation and assistance
  • 7. DEVELOPING A COMPUTER SECURITY PROGRAMME
    • Contents of a computer security programme
    • Organizational level risk assessment
    • Computer security measures
    • A graded approach for determining computer security measures
    • Design of computer security measures
    • Defence in depth for computer security measures
    • Management of vendors, contractors and suppliers
  • 8. SUSTAINING COMPUTER SECURITY
    • Security culture
    • Training
    • Contingency plans and response
    • Computer security assurance activities
  • Appendix NUCLEAR SAFETY INTERFACE CONSIDERATIONS FOR COMPUTER SECURITY AT FACILITIES
  • REFERENCES
  • Annex I SUGGESTED RECOMMENDATIONS LEVEL GUIDANCE ON COMPUTER SECURITY FOR A NATIONAL NUCLEAR SECURITY REGIME
  • Annex II CYBERTHREAT PROFILES
  • Annex III ASSIGNMENT OF COMPUTER SECURITY RESPONSIBILITIES
  • Annex IV EXAMPLE FRAMEWORK OF COMPUTER SECURITY COMPETENCES AND LEVELS OF CAPABILITY
  • GLOSSARY