Abstract
Documents related to cybersecurity are often filled with information technology (IT) acronyms and with familiar business terms that must be understood in the context of cybersecurity. To develop and implement an effective cybersecurity program, it is necessary to understand the terminology and its contextual use. Cybersecurity programs often evolve within an organization and, depending on the history of that evolution, the implemented measures may be unbalanced. For example, a program headed by an IT professional with exceptional technical skills may emphasize technical controls such as firewalls and authentication measures while leaving too few administrative controls in place. Any organization can improve its cybersecurity posture by taking a balanced approach. That balance can be reached by using a framework that lets a program document its strengths and weaknesses and so correct the imbalance over time. This chapter defines key cybersecurity terminology and discusses three widely used standards and frameworks that are directly relevant to cybersecurity in the critical infrastructure sector: the information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as the ISO/IEC 27000 series, followed by a summary of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity and NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security, both of which apply to many of the critical infrastructure sectors in the U.S.
Notes
1. Windows is a family of graphical operating systems developed, marketed, and sold by Microsoft. BitLocker is built into Windows 7 (Ultimate and Enterprise editions) and Windows 8 (Pro and Enterprise), as well as the Windows Server operating systems (2008 and later).
2. The use of the term hacker has varied over time. The term "black hat hacker" is used here to identify specifically those with both the required technical skills and malevolent intentions.
Abbreviations
- ABAC: Attribute-based access control
- AES: Advanced Encryption Standard
- CIA: Confidentiality, integrity and availability
- CRC: Cyclic redundancy check
- CSD: Computer Security Division
- CSRC: Computer Security Resource Center
- DCS: Distributed control system
- DNS: Domain Name System
- DMZ: Demilitarized zone
- FIPS: Federal Information Processing Standards
- FISMA: Federal Information Security Management Act
- HSPD-7: Homeland Security Presidential Directive 7
- ICS: Industrial control system
- IDS: Intrusion detection system
- IDPS: Intrusion detection and prevention system
- IED: Intelligent electronic device
- IEC: International Electrotechnical Commission
- IP: Internet Protocol
- IPsec: Internet Protocol Security
- ISO: International Organization for Standardization
- ISMS: Information security management system
- IT: Information technology
- ITL: Information Technology Laboratory
- NIST: National Institute of Standards and Technology
- NISTIR: NIST Interagency or Internal Report
- PII: Personally identifiable information
- PIV: Personal identity verification
- PLC: Programmable logic controller
- RAID: Redundant array of independent disks
- SCADA: Supervisory control and data acquisition
- SP: Special Publication
- U.S.: United States
- WLAN: Wireless local area network
References
ISO/IEC. (2013a). ISO/IEC 27002:2013 Information technology—Security techniques—Code of practice for information security controls. Geneva, Switzerland: ISO/IEC.
ISO/IEC. (2013b). ISO/IEC 27001:2013 Information technology—Security techniques—Information security management systems—Requirements. Geneva, Switzerland: ISO/IEC.
NIST. (2013). SP 800-53: Security and privacy controls for federal information systems and organizations. Gaithersburg, MD: NIST.
NIST. (2014). Framework for improving critical infrastructure cybersecurity. Gaithersburg, MD: NIST.
NIST. (2015). SP 800-82: Guide to Industrial Control Systems (ICS) security. Gaithersburg, MD: NIST.
Panguluri, S., Phillips, J. W. R., & Ellis, P. (2011). Cybersecurity: Protecting water and wastewater infrastructure. In S. Hakim, R. M. Clark, & A. Ostfeld (Eds.), Handbook of water and wastewater systems protection (pp. 285–318). New York: Springer.
Copyright information
© 2017 Springer International Publishing Switzerland
Cite this chapter
Alexander, R.D., Panguluri, S. (2017). Cybersecurity Terminology and Frameworks. In: Clark, R., Hakim, S. (eds) Cyber-Physical Security. Protecting Critical Infrastructure, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-319-32824-9_2
DOI: https://doi.org/10.1007/978-3-319-32824-9_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32822-5
Online ISBN: 978-3-319-32824-9