Packt+ | Advance your knowledge in tech

You're reading from Practical Industrial Internet of Things Security

Product typeBook

Published inJul 2018

PublisherPackt

ISBN-139781788832687

Edition1st Edition

Concepts

Single Board Computers

Author (1)

Sravani Bhattacharjee

Appendix 2. II

Security standards – quick reference

Standards related to Industrial IoT security discussed in this book are summarized here for quick referenence.

Device endpoint security

CWE: Common Weakness Enumeration
FIPS 140-2: Security Requirements for Cryptographic Modules
FIPS 180-4: NIST-CSRC Secure Hash Standard (SHS)
ISO/IEC 197702: Specification on Software Tagging
ISA 62443-1-1: Security for Industrial Automation and Control Systems Part 1 – Terminology, Concepts, and Models
ISA/IEC 62443-3-3: Security for Industrial Automation and Control Systems Part 3-3 – System Security Requirements and Security Levels
ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation
NIST SP 800-155: Boot-process integrity measurement
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations

Industrial connectivity infrastructure security

ISA95: Purdue Enterprise Reference Architecture Enterprise-Control System Integration
ISA-99: Industrial Automation and Control Systems Security (https://www.isa.org/isa99/)
IEC 62443: Industrial Network and System Security
IEC 62541: OPC Unified Architecture Specification
IEC 61850: Substation Automation Protocols
IEEE 1588: IEEE Standard for a Precision Clock Synchronization Protocol for Network Measurement and Control Systems
NIST SP 800-53 Rev 4: Recommended Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-82 Rev 2: Guide to Industrial Control Systems (ICS) Security, May 2015
NIST SP 800-52: Guidelines on the Selection and Use of Transport-Layer Security
TIA-942-A (http://www.tia-942.org/): ANSI/TIA-942-A: Telecommunications Infrastructure Standard for Datacenters (http://blog.siemon.com/standards/tia-942-and-tia-942-a-%E2%80%9Cdata-center-infrastructure%E2%80%9D-standards)

Edge-cloud security

ISO/IEC 27001: A high-level management systems standard and its associated cloud-service-specific standards: ISO/IEC 27017 (for security) and ISO/IEC 27018 (for protection of personal data)
Standards addressing specific aspects of cloud computing: ISO/IEC 27033 for network security, ISO/IEC 27034 for application security, ISO/IEC 19086 for cloud service SLAs
Technology-specific security standards: Such as OASIS KMIP (key management), FIPS 140-2 (approved cryptographic modules), and OASIS SAML 2.0 (security assertions, used in IdAM implementations)
ISO/IEC 20889: Standardizes de-identification techniques
US National Institute of Standards and Technology (NIST) Special Publication 800-175B: Provides guidance on strong cryptographic methods
NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing

Some useful documents on cloud security include the following:

CSCC white paper Cloud Security Standards: What to Expect and What to Negotiate V2.0 (http://www.cloud-council.org/deliverables/CSCC-Cloud-Security-Standards-What-to-Expect-and-What-to-Negotiate.pdf)
Cloud Control Matrix: https://downloads.cloudsecurityalliance.org/initiatives/ccm/CCM_v3_Info_Sheet.pdf
Cloud Customer Architecture for Securing Workloads on Cloud Services: Published by Cloud Security Council
SAFEcode/CSA: Practices for Secure Development of Cloud Applications
Cloud computing –Benefits, risks, and recommendations for information security: Published by European Union Agency for Network and Information Security (ENISA)

The rest of the chapter is locked

You have been reading a chapter from

Practical Industrial Internet of Things Security

Published in: Jul 2018Publisher: PacktISBN-13: 9781788832687

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Author (1)

Sravani Bhattacharjee

Sravani Bhattacharjee was a technology leader at Cisco untill 2014, where she led the architectural planning and security evaluations of several enterprise cloud/datacenter solutions. She is currently the Principal of Irecamedia, where she collaborates with Industrial IoT innovators (incl. IBM, AT&T, Microsoft, and Intel) to strategize and create compelling whitepapers and a wide variety of editorial and technical marketing content that drives awareness and business decisions. She is a member of the IEEE IoT chapter, a writer, and a speaker. She is the Managing Editor of “The IoT Review”, a podcast and blogging platform on Industrial and Enterprise IoT (iot.irecamedia.com).
Read more about Sravani Bhattacharjee

Other recommended products

Related to this chapter

Architecting the Industrial Internet

The Industrial Internet gathers data from Industrial IoT devices providing new sources of information enabling the solving old difficult problems in innovative ways.These solutions cross many disciplines. This book takes the reader through this multi-disciplinary journey that combines the operational and the enterprise view.

BookSep 2017360 pages

Industrial Cybersecurity

With ever-improving and ever-changing cyber threats, businesses need to be on their toes to ensure their safety. This comprehensive book takes you from understanding the basics of cyber security and industrial protocols to building robust industrial control systems. Through real-world scenarios, you will understand vulnerabilities and will be equipped with techniques to ward off all kinds of cyber threat.

BookOct 2017456 pages

Practical Internet of Things Security

This book will take you on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architecting and deploying a secure IoT in your enterprise. The book showcases how the IoT is implemented in early-adopting industries and describes how lessons can be learned and shared across diverse industries to support a secure IoT.

BookNov 2018382 pages

Azure IoT Development Cookbook

It is important to develop robust and reliable solutions for your organization to leverage IoT services. Microsoft’s end-to-end IoT platform is the most complete IoT offering. It empowers enterprises to build and realize value from their IoT solutions for innovative business outcomes with Microsoft Azure IoT. This book will teach you how to connect multiple devices to the Azure IoT hub, develop, manage the IoT hub service, and integrate the hub with the cloud.

BookAug 2017254 pages

Industrial Internet Application Development

Industrial Internet is the integration of complex physical machines and networked sensors and software. Increasing the number of sensors in industrial equipment is going to increase the data being captured, which needs to be analyzed. This book is a one-stop guide for software professionals to design, build, manage, and operate IIoT applications.

BookSep 2018412 pages

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

BookJul 2018356 pages

Hands-On Industrial Internet of Things

This book explains the key feature to develop a complex and stable network that helps to gather the data to optimize the asset performance and maximize the production in the Industries leveraging on the cloud infrastructure and services. By the end, you can design the Industrial IoT network and the architecture for processing its data in the cloud.

BookNov 2018556 pages

Hands-On Cybersecurity with Blockchain

Despite the growing investment in cybersecurity, modern attackers manage to bypass advanced security systems. Blockchain and Hyperledger architecture provide a safer way of avoiding such attacks. This book will help you build blockchain-based apps for DDoS protection, PKI-based identity platform, Two-factor authentication and DNS Security platform.

BookJun 2018236 pages

Information Security Handbook

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book covers the concept of information security, and shows you why it’s important.

BookDec 2017330 pages

CISSP (ISC)² Certification Practice Exams and Tests

With over 1000 practice questions, explanations of all 8 domains, and 2 full exams, this book is a fantastic exam prep solution. Take the CISSP exam (version May 2021) confidently with the help of mock questions and detailed solutions and validate your skills with the CISSP (ISC)2 certification.

BookSep 2021396 pages

Internet of Things for Architects

The Internet of Things (IoT) is the most significant factor in the technology industry in the last 10 years. It will usher in the third industrial revolution and significantly impact global economies. Industry giants are in the process of adopting IoT solutions to add value, reduce costs, and improve people’s lives. As such, the architectural side of IoT has become critical. This book will help you understand the plethora of technologies that can be used to build a successful IoT deployment. This professional guide will help you architect IoT solutions for a variety of industries and organizations.

BookJan 2018524 pages

Industrial Digital Transformation

Digital transformation requires the ability to identify opportunities across industries and apply the right technologies and tools to achieve the right business outcomes. You will be guided through how digital transformation can be implemented in your organization across different levels using emerging technologies.

BookNov 2020426 pages

Personalised recommendations for you

Based on your interests and search pattern

Architectural Patterns and Techniques for Developing IoT Solutions

This book covers all the patterns and considerations that give you both the power and flexibility to build scalable, secure, and performant IoT solutions by combining various patterns in interesting ways. It also lists the benefits of combining IoT with technologies like blockchain, 3D-printing, 5G, Generative AI, quantum computing, and LLMs.

BookSep 2023304 pages

Arduino Data Communications

Arduino Data Communication focuses on IoT’s Internet aspect, guiding you in setting up your own infrastructure for storing and managing the data collected from sensors. This book goes beyond microcontroller basics, equipping you with the knowledge essential for building real-world projects.

BookNov 2023286 pages5

Arduino IoT Cloud for Developers

From fundamental principles to advanced techniques, this comprehensive book equips you with the knowledge and skills needed to design and deploy IoT applications seamlessly. Explore cloud integration, best practices, and real-world projects to harness the full potential of IoT application development with the Arduino IoT Cloud.

BookNov 2023402 pages

The Azure IoT Handbook

Building IoT Systems with Azure IoT is a comprehensive introduction for those who are new to the Internet of Things and looking to get up to speed in no time. This book will teach you how to create and develop IoT solutions with intelligent edge-to-cloud technologies in the Azure cloud.

BookDec 2023248 pages