6 Standards, Guides and Regulatory Aspects

6.1. Introduction

In recent years, many standards and guides have been proposed in the field of information system security. Some of these standards propose an approach to risk management in line with ISO 31000: these are the ISO 27000 standards. Other standards focus on industrial control systems (ICS), such as IEC 62443 or the NIST SP 800-82 guide. Others have been developed for a particular field, such as electricity distribution or production, or the nuclear sector. This chapter presents the main standards (Figure 6.1), including the ISO 27000 family, National Institute of Standards and Technology (NIST) guides, the ANSSI approach, NERC CIP sector standards and International Atomic Energy Agency (IAEA) standards. The IEC 62443 standard is presented in Chapter 7, which focuses on it, while the standards for operational safety, the IEC 61508 family, are introduced in Chapter 8.

Figure 6.1. Relations between the main standards

6.2. ISO 27000 family

Figure 6.2. Main standards of the ISO 27000 family

The ISO 27000 family of standards defines good practices for information system security management. These have evolved over the years and are part of the general ISO 31000 framework, which describes the principles and guidelines for ...