Abstract
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The initiative is developed with the technical support of relevant international and regional organizations, the European Union Member States, and other stakeholders, through coherent and effective cooperation at the national, regional, and international level.
- 2.
The European Union’s “CBRN” program does not include explosives in its scope of work. However, Project 19’s information security work is applicable for all CBRNe facilities.
References
Schneier B.: Modeling Security Threats. In: Dr. Dobb’s Journal (1999). Accessed March 20, 2017 at https://www.schneier.com/paper-attacktrees-ddj-ft.html
United Nations Interregional Criminal Justice Research Institute: How to Implement Security Controls for an Information Security Program at CBRN Facilities. UNICRI, Turin, Italy (2015b). Accessed March 20, 2017 at http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25112.pdf
United Nations Interregional Criminal Justice Research Institute: Information Security Management System Planning for CBRN Facilities. UNICRI, Turin, Italy (2015c). Accessed March 20, 2017 at http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-24874.pdf
United Nations Interregional Criminal Justice Research Institute: Information Security Best Practices for CBRN Facilities. UNICRI, Turin, Italy (2015a). Accessed March 20, 2017 at http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25112.pdf
International Organization for Standardization: ISO/IEC 27000:2014 Information Technology—Security Techniques—Information Security Management Systems—Overview and Vocabulary (2013)
International Organization for Standardization: ISO 27001 Controls and Objectives Annex A (2014)
The White House Plan: National Strategy for Information Sharing and Safeguarding (2012). Accessed March 20, 2017 at https://obamawhitehouse.archives.gov/sites/default/files/docs/2012sharingstrategy_1.pdf
IEEE Standard for Developing Software Life Cycle Processes in: Institute of Electrical and Electronics Engineers IEEE Standard 1074-1995 (1997). Accessed March 20, 2017 at http://arantxa.ii.uam.es/~sacuna/is1/normas/IEEE_Std_1074_1997.pdf
Council on Cyber Security: Critical Security Controls for Effective Cyber Defense, Version 5 (2015). Accessed March 20, 2017 at https://www.cisecurity.org/critical-controls/Library.cfm
Australian Signals Directorate: ‘Top 4’ Strategies to Mitigate Targeted Cyber Intrusions: Mandatory Requirement Explained. Australian Signals Directorate/Defence Signals Directorate, Australian Government, Department of Defence, Intelligence and Security (2013). Accessed March 20, 2017 at http://www.asd.gov.au/publications/Top_4_Strategies_Explained.pdf
National Rural Electric Cooperative Association: Guide to Developing a Cyber Security and Risk Mitigation Plan. NRECA/Cooperative Research Network Smart Grid Demonstration Project. Arlington, Virginia (2014a). Available by using the download tool at https://groups.cooperative.com/smartgriddemo/public/CyberSecurity/Pages/default.aspx. Accessed March 20, 2017
National Rural Electric Cooperative Association: Cyber Security Plan Template. NRECA/Cooperative Research Network Smart Grid Demonstration Project. Arlington, Virginia (2014b). Available by using the download tool at https://groups.cooperative.com/smartgriddemo/public/CyberSecurity/Pages/default.aspx. Accessed November 23, 2015.
NIST - National Institute of Standards and Technology. 1995. An Introduction to Computer Security: The NIST Handbook. NIST Special Publication 800-12. National Institute of Standards and Technology, Gaithersburg, Maryland. Accessed July 26, 2017 at http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf.
NIST - National Institute of Standards and Technology. 2013a. Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82, revision 1, National Institute of Standards and Technology, Gaithersburg, Maryland. Accessed July 26, 2017 at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r1.pdf.
NIST - National Institute of Standards and Technology. 2013b. Security and Privacy Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53, revision 4. Accessed July 26, 2017 http://dx.doi.org/10.6028/NIST.SP.800-53r4.
NIST - National Institute of Standards and Technology. 2014. “The Security Content Automation Protocol (SCAP).” Accessed July 26, 2017 at http://scap.nist.gov/.
CERT. 2010. “Insider Threat Deep Dive: IT Sabotage.” Published September 22, 2010. Accessed July 26, 2017 at http://www.cert.org/blogs/insider-threat/post.cfm?EntryID=57.
Council on CyberSecurity. 2014. “The Critical Security Controls for Effective Cyber Defense Version 5.1” Accessed July 26, 2017 at http://www.counciloncybersecurity.org/critical-controls/.
ASD – Australian Signals Directorate. 2014. “Top 35 Strategies to Mitigate Targeted Cyber Intrusions.” Accessed July 26, 2017 at https://www.checkpoint.com/asd-top-35-mitigation-strategies/.
ISO/IEC – International Standards Organization/International Electrotechnical Commission. 2013. Information Technology—Security Techniques—Code of Practice for Information Security Controls. ISO/IEC 27002:2013. Accessed July 26, 2017 at http://www.iso.org/iso/catalogue_detail?csnumber=54533.
Acknowledgments
This chapter was produced in connection with Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative. The initiative is implemented in cooperation with the United Nations Interregional Crime and Justice Research Institute and the European Commission Joint Research Center. The initiative is developed with the technical support of relevant international and regional organizations, the European Union Member States, and other stakeholders, through coherent and effective cooperation at the national, regional, and international level. Special thanks go to Odhran McCarthy and the staff at the United Nations Interregional Crime and Justice Research Institute for their support, patience, and technical guidance during this project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Glantz, C. et al. (2017). Implementing an Information Security Program. In: Martellini, M., Malizia, A. (eds) Cyber and Chemical, Biological, Radiological, Nuclear, Explosives Challenges. Terrorism, Security, and Computation. Springer, Cham. https://doi.org/10.1007/978-3-319-62108-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-62108-1_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62107-4
Online ISBN: 978-3-319-62108-1
eBook Packages: Computer ScienceComputer Science (R0)