Authors: Torsten Cegrell, Pontus Johnson, Erik Johansson
DOI:
Keywords:
Abstract: In today’s large electric utilities enterprise system is highly complex. Technically, they possess several hundreds of extensively interconnected and heterogeneous IT systems performing tasks that vary from Enterprise Resource Planning (ERP) to real-time control monitoring the processes, such as Distributed Control System (DCS) Supervisory Data Acquisition (SCADA). Organizationally, embraces business processes units using, well maintaining acquiring, systems. Information are a extent becoming integrated in industry operations since communication sharing information more efficient faster than before. However, networking interconnection can increase exposure security risks. The significance has been continuously increasing management organizations ensuring their operating ability disturbance-free operations. Thus, become an increasingly important quality. Assessing sufficient level necessary pre-requisite for continuance credibility But assessing serious challenge many organizations, area still lacks support decision-making on top-management level. One problem with assessments there various views what, exactly, should be measured. There different opinions what constituent parts these parts? relative importance is. Addressing problem, this paper presents operational definition prioritization field security. First, proposes framework capturing semantic essence Then, weights framework's subdomains quantified. Two methods used obtain weights. results demonstrate standards committees, guideline authors expert groups differ issues As sources, ISO/IEC 17799, NIST SP 800-26, ISF CMU/SEI OCTAVE panel at Swedish Processing Society (DFS) considered. To practical consequences, effects varying prioritizations assessment European energy company presented.