摘要
基础设施中的现代自动化系统,比如智能电网中存在许多安全漏洞。这些安全漏洞大多与不称职的安全管理有直接的关系,称职的安全管理应该有清晰的管理结构和执行层次。安全策略是系统安全指导根文档,各种段落涵盖了所有与系统安全有关的内容,包括范围、位置、责任、参考、修订历史、执行方式、例外情况,同时也覆盖了各种话题,比如安全风险管理、数据安全、平台、通信、人员、配置管理、审查和评估、计算机应用程序、物理安全以及人工操作。文中介绍了一种高效的SCADA安全策略框架。
Modern automation system in infrastructure (including Supervisory Control and Data Acquisition,or SCA-DA)has myriad security vulnerabilities.Many of these relate directly to inadequate security administration.Adequate secu-rity management mandates a clear administrative structure and enforcement hierarchy.The security policy is the root docu-ment,with sections covering various subjects relevant to system security,e.g.purpose,scope,positions,responsibilities, references,revision history,enforcement,and exceptions.It also covers topics including the overall security risk manage-ment program,data security,platforms,communication,personnel,configuration management,auditing/assessment, computer applications,physical security and manual operations.This article introduces an effective framework for SCADA security policy.
出处
《通信电源技术》
2015年第3期75-77 82,82,共4页
Telecom Power Technology
关键词
SCADA系统
策略
管理控制
安全管理
SCADA system
policy
administrative control
security management
