Brochure
More information from http://www.researchandmarkets.com/reports/3085299/
Code of Practice for Cyber Security in the Built Environment
Description: This code of practice explains why and how cyber security should be considered throughout a building’s lifecycle and explains good practice, focusing on building-related systems and all connections to the wider cyber environment.
The book provides clear practical guidance to help multidisciplinary teams understand how the management of key aspects of cyber security relates to their specific jobs and responsibilities in maintaining the security of a building.
Intended to act as an integral part of an organisation’s overall management system, ensuring the cyber security of building-related systems, the code of practice will be an invaluable resource for companies looking to improve their building’s cyber security.
Book readership:
- Construction Project Managers and Architects
- Developers and investors
- System Vendors and Consultants
- Insurers and Risk assessors
- Facilities Managers / Security Managers
Contents:
Foreword
1. Introduction
1.1 Aim and objectives
1.2 Who should use this Code of Practice?
1.3 Applicability
1.4 Relationship with the building lifecycle
1.5 Document structure
2. Overview
2.1 The building lifecycle
2.2 What is cyber security?
2.3 Cyber security needs by building lifecycle phase
2.3.1 Commission or acquisition - Phase A
2.3.2 Strategy and business case - Phase B
2.3.3 Design or redesign - Phase C
2.3.4 Build or change - Phase D
2.3.5 Use, operate and maintain - Phase E
2.3.6 Decommission or disposal - Phase F
2.4 Stakeholder roles and cyber security
3. Applying cyber security through the lifecycle of a building
3.1 Introduction
3.2 Who is responsible for the cyber security of building systems and data?
3.3 What building systems and data need to be protected?
3.4 What could adversely affect the building systems and data?
3.5 Where are the building systems and data located?
3.6 How should building systems and data be protected?
4. Next Steps
Glossary
Appendix A - Understanding cyber security
A.1 Introduction
A.2 Understanding vulnerabilities, risks and threats
A.3 Cyber security attributes
A.4 Cyber security context
A.5 Potential threat agents
A.5.1 Types of threat agent
A.5.2 Potential hostile threat agent groups
A.6 Enterprise and Industrial Control Systems Architecture
A.7 Standards, guidance and good practice
Appendix B - Developing a cyber security strategy
B.1 Overall development process
B.2 Understanding the context
B.3 Cyber security risk analysis and evaluation
B.4 Managing and mitigating cyber security risks
Appendix C - Developing a cyber security policy for a building
C.1 Relationship of cyber security policies, processes and procedures
C.1.1 Cyber security policy
C.1.2 Cyber security processes
C.1.3 Cyber security procedures
C.2 Cyber security policy objectives and scope
C.3 Legislation and building systems
C.4 Cyber security leadership
Appendix D - Managing ‘process and procedure’ aspects
D.1 Cyber security risk management
D.1.1 Identification and analysis of system and systemic risks
D.1.2 Identification and analysis of dynamic and emergent risks
Gather intelligence
Understand own operating environment
D.2 Cyber security in the supply chain
D.3 System operations
D.3.1 Systems and infrastructure documentation
D.3.2 Building and systems maintenance
D.4 Incident response, investigation and management
Appendix E - Configuration control
E.1 Change management for processes, systems and infrastructure
E.2 Implementation of physical security measures
E.3 Maintenance of an inventory of hardware and devices
E.4 Maintenance of an inventory of software
E.5 Implementation of secure configurations for hardware and software
E.6 Secure configurations for communications and network devices
E.7 Application of wireless device control
E.8 Limitation and control of network ports, protocols, and services
E.9 Control of the use of administrative privileges
Appendix F - Managing ‘people’ aspects
F.1 Appointments, roles and responsibilities
F.1.1 The insider risk
F.1.2 Factors contributing to insider attacks
F.1.3 Managing personnel security
F.2 Managing consultants, contractors and agency staff
F.3 Awareness, training and education
F.3.1 Cyber security awareness
F.3.2 Cyber security training
F.3.3 Cyber security education
F.4 Audits
Appendix G - Managing technical aspects
G.1 Operational security
G.2 Physical security of building systems
G.3 Communications security, EMC and jamming
G.3.1 Communications security (COMSEC)
G.3.2 Electromagnetic Compatibility (EMC)
G.3.3 Jamming
G.4 Systems architecture and interconnections
G.4.1 Network and communications architecture
G.4.2 Firewalls
G.4.3 Remote access
G.4.4 Anti-malware software
G.4.5 E-mail and internet access
G.4.6 System hardening
G.4.7 Backups and recovery
G.4.8 Systems monitoring
G.4.9 Wireless networking and connectivity
G.4.10 Security and maintenance patching
G.4.11 Device connection and disconnection procedures
G.4.12 Managing change
G.5 Resilience
Appendix H - Trustworthy software
H.1 What is ‘software trustworthiness’?
H.2 Trustworthiness Levels
H.3 Trustworthy Software Framework (TSF)
H.3.1 TSF concepts
H.3.2 TSF principles
H.4 Applying the Trustworthy Software Framework
H.4.1 Governance
H.4.2 Risk
H.4.3 Controls
H.3.1 Personnel
H.3.2 Physical
H.3.3 Procedural
H.3.4 Technical
H.4 Compliance
H.5 Application of TSF principles across systems lifecycle
Appendix I - Bibliography
I.1 General IT security standards
I.2 Security and safety of Industrial Control Systems (ICS & SCADA)
I.3 Business related security guidance
I.2 Other standards and guidance
Appendix J - Factors to consider in assessing system context
Ordering: Order Online - http://www.researchandmarkets.com/reports/3085299/