Industrial Cybersecurity Standards and Frameworks

Cybersecurity for industrial control systems (ICS) is currently a popular topic for discussion. Awareness of security-related risks and their relationship to process safety has increased dramatically in recent years. Many more end-users now know and accept the need to address the subject and meet the expectations of a wide range of stakeholders.

Securing and protecting the safety and integrity of these systems presents a significant challenge, with the ultimate accountability falling on end users. Because of the inherent complexity of the subject, there is often confusion about exactly what can or should be done to address the expectations and requirements of wide range of stakeholders, from industry associations to regulatory bodies.

Information on the actions and steps required is available from many sources and in several forms, including standards, practices and general guidance. The volume and variety of this information can be overwhelming, so it is essential to understand the nature, intended purpose, and limitations of each of these sources and forms, as well as how they are related.

This ARC Advisory Group report focuses on two specific forms of information: standards and frameworks. It describes the relationship between these two forms, as well as how they can be applied to help define and operate a comprehensive cybersecurity management system.

If you would like to buy this report or obtain information about how to become a client, please Request ARC Info

Keywords: NIST, Frameworks, ICS Cybersecurity, ISA-62443, IEC, ISO 27000, ARC Advisory Group.