Identificación de elementos de seguridad basados en el modelo C2M2 para la industria manufacturera del sector textil

Vista sencilla de ítem
dc.contributor.authorAristizábal Correa, Jorge Mariospa
dc.contributor.authorMarín Ramírez, Leonelspa
dc.contributor.authorÁlvarez Salazar, Johnyspa
dc.contributor.googlescholarÁlvarez Salazar, Johny [h4QtY5EAAAAJ]spa
dc.contributor.orcidAristizábal Correa, Jorge Mario [0000-0003-1880-8684]spa
dc.contributor.orcidÁlvarez Salazar, Johny [0000-0002-7041-8619]spa
dc.date.accessioned2020-10-27T00:19:56Z
dc.date.available2020-10-27T00:19:56Z
dc.date.issued2019-12-01
dc.description.abstractEn este trabajo se presenta un estudio de identificación de los elementos de seguridad que afectan a la industria textil –que utiliza sistemas SCADA– los riesgos de fuga, indisponibilidad o alteración no permitida de la información en los ambientes comunes en que operan las tecnologías de la información (TI) y las tecnologías de operación (TO). Para llevar a cabo lo anterior se utilizaron los elementos identificados en la guía de seguridad para los sistemas de control industrial NIST 800-82 y el modelo de madurez en ciberseguridad C2M2. Como resultado se obtuvieron los elementos de seguridad que se ven involucrados en los diferentes procesos, tendencias tecnológicas de la industria analizada; de otra parte, se realizó un comparativo del modelo C2M2 y la NIST 800-82.spa
dc.description.abstractenglishThis paper presents a study based on the identification of the security elements that affect the textile industry where SCADA systems are used, and that may cause risks of leakage, unavailability or unauthorized alteration of information, in common environments in which information technologies (IT) and operating technologies (OT) operate. For this, the elements identified in the safety guide for industrial control systems NIST 800-82 and the cybersecurity maturity model C2M2 were used. As a result, the security elements that are involved in the different processes, technological trends of the analyzed industry were obtained and a comparison of the C2M2 and NIST 800-82 models is made.eng
dc.format.mimetypeapplication/pdfspa
dc.format.mimetypeText/htmlspa
dc.identifier.doi10.29375/25392115.3722
dc.identifier.instnameinstname:Universidad Autónoma de Bucaramanga UNABspa
dc.identifier.issn2539-2115
dc.identifier.issn1657-2831
dc.identifier.repourlrepourl:https://repository.unab.edu.co
dc.identifier.urihttp://hdl.handle.net/20.500.12749/8826
dc.language.isospaspa
dc.publisherUniversidad Autónoma de Bucaramanga UNAB
dc.relationhttps://revistas.unab.edu.co/index.php/rcc/article/view/3722/3158
dc.relationHttps://revistas.unab.edu.co/index.php/rcc/article/view/3722/3144
dc.relation/*ref*/Ani, U. P. D., He, H. (Mary), & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32–74. https://doi.org/10.1080/23742917.2016.1252211
dc.relation/*ref*/Assante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., & Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
dc.relation/*ref*/Bernieri, G., Etchevés Miciolino, E., Pascucci, F., & Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers & Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j.compeleceng.2017.02.010
dc.relation/*ref*/Candell, R., Anand, D., & Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=915876
dc.relation/*ref*/Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27. https://doi.org/10.1016/j.cose.2015.09.009
dc.relation/*ref*/CIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fibra textil confección R2-2011-CIDETEXCO.
dc.relation/*ref*/Curtis, P. D., & Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
dc.relation/*ref*/Cybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
dc.relation/*ref*/Hernández Cevallos, M. I., & Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
dc.relation/*ref*/Johnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
dc.relation/*ref*/Knapp, E. D., & Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013-0-06836-3.
dc.relation/*ref*/Kornecki, A. J., & Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
dc.relation/*ref*/Kriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
dc.relation/*ref*/McGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
dc.relation/*ref*/Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
dc.relation/*ref*/Schrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
dc.relation/*ref*/U.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0-0.
dc.relation.referencesAni, U. P. D., He, H. (Mary), y Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32–74. https://doi.org/10.1080/ 23742917.2016.1252211
dc.relation.referencesAssante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., y Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
dc.relation.referencesBernieri, G., Etchevés Miciolino, E., Pascucci, F., y Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers y Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j. compeleceng.2017.02.010
dc.relation.referencesCandell, R., Anand, D., y Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/ publication/get_pdf.cfm?pub_id=915876
dc.relation.referencesCherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., y Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers y Security, 56, 1–27. https://doi. org/10.1016/j.cose.2015.09.009
dc.relation.referencesCIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fbra textil confección R2-2011- CIDETEXCO.
dc.relation.referencesCurtis, P. D., y Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
dc.relation.referencesCybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
dc.relation.referencesHernández Cevallos, M. I., y Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
dc.relation.referencesJohnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
dc.relation.referencesKnapp, E. D., y Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013- 0-06836-3.
dc.relation.referencesKornecki, A. J., y Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
dc.relation.referencesKriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
dc.relation.referencesMcGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
dc.relation.referencesProença, D., y Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
dc.relation.referencesSchrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
dc.relation.referencesU.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sectorcybersecurity-0-0.
dc.relation.urihttps://revistas.unab.edu.co/index.php/rcc/article/view/3722
dc.rightsDerechos de autor 2019 Revista Colombiana de Computación
dc.rights.accessrightsinfo:eu-repo/semantics/openAccessspa
dc.rights.creativecommonsAttribution-NonCommercial-ShareAlike 4.0 International*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/2.5/co/
dc.sourceRevista Colombiana de Computación; Vol. 20 Núm. 2 (2019): Revista Colombiana de Computación; 56-67
dc.subjectTIC
dc.subjectDesarrollo urbano
dc.subjectPlaneación territorial
dc.subjectGobierno local
dc.subjectSistemas de información
dc.subject.keywordsC2M2eng
dc.subject.keywordsCibersecurityeng
dc.subject.keywordsSCADAeng
dc.subject.keywordsSecurity elementseng
dc.subject.keywordsTextile industryeng
dc.subject.keywordsComputer's scienceeng
dc.subject.keywordsTechnological innovationseng
dc.subject.keywordsResearcheng
dc.subject.keywordsTechnology of the information and communicationeng
dc.subject.lembCiencias de la computaciónspa
dc.subject.lembInnovaciones tecnológicasspa
dc.subject.lembInvestigaciónspa
dc.subject.lembTecnologías de la información y la comunicaciónspa
dc.subject.proposalDesarrollo urbanospa
dc.subject.proposalPlaneación territorialspa
dc.subject.proposalGobierno localspa
dc.subject.proposalSistemas de informaciónspa
dc.titleIdentificación de elementos de seguridad basados en el modelo C2M2 para la industria manufacturera del sector textilspa
dc.title.translatedIdentification of safety elements based on the C2M2 model for the textile industryeng
dc.type.coarhttp://purl.org/coar/resource_type/c_7a1f
dc.type.driverinfo:eu-repo/semantics/article
dc.type.hasversionInfo:eu-repo/semantics/publishedVersion
dc.type.hasversioninfo:eu-repo/semantics/acceptedVersion
dc.type.localArtículospa
dc.type.redcolhttp://purl.org/redcol/resource_type/CJournalArticle

Archivos

Bloque original

Mostrando 1 - 1 de 1
Miniatura
Nombre:
2012_aRTICULO_Identificación de elementos de seguridad basados en el modelo C2M2 para la industria manufacturera del sector textil.pdf
Tamaño:
606.88 KB
Formato:
Adobe Portable Document Format
Descripción:
Artículo
Descargar

Colecciones

Revista Colombiana de Computación