{"id":244123,"date":"2024-10-19T16:01:57","date_gmt":"2024-10-19T16:01:57","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-62443-2-12010\/"},"modified":"2024-10-25T11:00:32","modified_gmt":"2024-10-25T11:00:32","slug":"bs-en-62443-2-12010","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-62443-2-12010\/","title":{"rendered":"BS EN 62443-2-1:2010"},"content":{"rendered":"

IEC 62443-2-1:2010 defines the elements necessary to establish a cyber security management system (CSMS) for industrial automation and control systems (IACS) and provides guidance on how to develop those elements. This standard uses the broad definition and scope of what constitutes an IACS described in IEC\/TS 62443-1-1. The elements of a CSMS described in this standard are mostly policy, procedure, practice and personnel related, describing what shall or should be included in the final CSMS for the organization. This bilingual version (2012-04) corresponds to the monolingual English version, published in 2010-11.<\/p>\n

PDF Catalog<\/h4>\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
4<\/td>\nCONTENTS <\/td>\n<\/tr>\n
7<\/td>\nFOREWORD <\/td>\n<\/tr>\n
9<\/td>\n0 INTRODUCTION
0.1 Overview
0.2 A cyber security management system for IACS
0.3 Relationship between this standard and ISO\/IEC 17799 and ISO\/IEC 27001 <\/td>\n<\/tr>\n
11<\/td>\n1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms, acronyms, and conventions
3.1 Terms and definitions <\/td>\n<\/tr>\n
16<\/td>\n3.2 Abbreviated terms and acronyms <\/td>\n<\/tr>\n
18<\/td>\n3.3 Conventions
4 Elements of a cyber security management system
4.1 Overview <\/td>\n<\/tr>\n
19<\/td>\nFigures
Figure 1 \u2013 Graphical view of elements of a cyber security management system <\/td>\n<\/tr>\n
20<\/td>\n4.2 Category: Risk analysis
Figure 2 \u2013 Graphical view of category: Risk analysis
Tables
Table 1 \u2013 Business rationale: Requirements <\/td>\n<\/tr>\n
21<\/td>\nTable 2 \u2013 Risk identification, classification and assessment: Requirements <\/td>\n<\/tr>\n
22<\/td>\n4.3 Category: Addressing risk with the CSMS
Figure 3 \u2013 Graphical view of element group: Security policy, organization and awareness <\/td>\n<\/tr>\n
23<\/td>\nTable 3 \u2013 CSMS scope: Requirements <\/td>\n<\/tr>\n
24<\/td>\nTable 4 \u2013 Organizing for security: Requirements
Table 5 \u2013 Staff training and security awareness: Requirements <\/td>\n<\/tr>\n
25<\/td>\nTable 6 \u2013 Business continuity plan: Requirements <\/td>\n<\/tr>\n
26<\/td>\nTable 7 \u2013 Security policies and procedures: Requirements <\/td>\n<\/tr>\n
27<\/td>\nFigure 4 \u2013 Graphical view of element group: Selected security countermeasures <\/td>\n<\/tr>\n
28<\/td>\nTable 8 \u2013 Personnel security: Requirements <\/td>\n<\/tr>\n
29<\/td>\nTable 9 \u2013 Physical and environmental security: Requirements <\/td>\n<\/tr>\n
30<\/td>\nTable 10 \u2013 Network segmentation: Requirements <\/td>\n<\/tr>\n
31<\/td>\nTable 11 \u2013 Access control \u2013 Account administration: Requirements <\/td>\n<\/tr>\n
32<\/td>\nTable 12 \u2013 Access control \u2013 Authentication: Requirements <\/td>\n<\/tr>\n
33<\/td>\nTable 13 \u2013 Access control \u2013 Authorization: Requirements <\/td>\n<\/tr>\n
34<\/td>\nFigure 5 \u2013 Graphical view of element group: Implementation <\/td>\n<\/tr>\n
35<\/td>\nTable 14 \u2013 Risk management and implementation: Requirements
Table 15 \u2013 System development and maintenance: Requirements <\/td>\n<\/tr>\n
36<\/td>\nTable 16 \u2013 Information and document management: Requirements <\/td>\n<\/tr>\n
37<\/td>\nTable 17 \u2013 Incident planning and response: Requirements <\/td>\n<\/tr>\n
38<\/td>\n4.4 Category: Monitoring and improving the CSMS
Figure 6 \u2013 Graphical view of category: Monitoring and improving the CSMS <\/td>\n<\/tr>\n
39<\/td>\nTable 18 \u2013 Conformance: Requirements <\/td>\n<\/tr>\n
40<\/td>\nTable 19 \u2013 Review, improve and maintain the CSMS: Requirements <\/td>\n<\/tr>\n
41<\/td>\nAnnex A (informative) Guidance for developing the elements of a CSMS <\/td>\n<\/tr>\n
42<\/td>\nFigure A.1 \u2013 Graphical view of elements of a cyber security management system
Figure A.2 \u2013 Graphical view of category: Risk analysis <\/td>\n<\/tr>\n
46<\/td>\nFigure A.3 \u2013 Reported attacks on computer systems through 2004 (source: CERT) <\/td>\n<\/tr>\n
54<\/td>\nTable A.1 \u2013 Typical likelihood scale <\/td>\n<\/tr>\n
56<\/td>\nTable A.2 \u2013 Typical consequence scale <\/td>\n<\/tr>\n
57<\/td>\nTable A.3 \u2013 Typical risk level matrix <\/td>\n<\/tr>\n
59<\/td>\nFigure A.4 \u2013 Sample logical IACS data collection sheet <\/td>\n<\/tr>\n
61<\/td>\nFigure A.5 \u2013 Example of a graphically rich logical network diagram <\/td>\n<\/tr>\n
68<\/td>\nFigure A.6 \u2013 Graphical view of element group: Security policy, organization, and awareness <\/td>\n<\/tr>\n
84<\/td>\nFigure A.7 \u2013 Graphical view of element group: Selected security countermeasures <\/td>\n<\/tr>\n
92<\/td>\nFigure A.8 \u2013 Reference architecture alignment with an example segmented architecture <\/td>\n<\/tr>\n
97<\/td>\nFigure A.10 \u2013 Access control: Account administration <\/td>\n<\/tr>\n
100<\/td>\nFigure A.11 \u2013 Access control: Authentication <\/td>\n<\/tr>\n
105<\/td>\nFigure A.12 \u2013 Access control: Authorization <\/td>\n<\/tr>\n
108<\/td>\nFigure A.13 \u2013 Graphical view of element group: Implementation <\/td>\n<\/tr>\n
109<\/td>\nTable A.4 \u2013 Example countermeasures and practices based on IACS risk levels <\/td>\n<\/tr>\n
111<\/td>\nFigure A.14 \u2013 Security level lifecycle model: Assess phase <\/td>\n<\/tr>\n
112<\/td>\nTable A.5 \u2013 Example IACS asset table with assessment results
Table A.6 \u2013 Example IACS asset table with assessment results and risk levels <\/td>\n<\/tr>\n
114<\/td>\nFigure A.15 \u2013 Corporate security zone template architecture <\/td>\n<\/tr>\n
115<\/td>\nFigure A.16 \u2013 Security zones for an example IACS <\/td>\n<\/tr>\n
116<\/td>\nTable A.7 \u2013 Target security levels for an example IACS <\/td>\n<\/tr>\n
118<\/td>\nFigure A.17 \u2013 Security level lifecycle model: Develop and implement phase <\/td>\n<\/tr>\n
122<\/td>\nFigure A.18 \u2013 Security level lifecycle model: Maintain phase <\/td>\n<\/tr>\n
135<\/td>\nFigure A.19 \u2013 Graphical view of category: Monitoring and improving the CSMS <\/td>\n<\/tr>\n
142<\/td>\nAnnex B (informative) Process to develop a CSMS
Figure B.1 \u2013 Top level activities for establishing a CSMS <\/td>\n<\/tr>\n
144<\/td>\nFigure B.2 \u2013 Activities and dependencies for activity: Initiate CSMS program <\/td>\n<\/tr>\n
145<\/td>\nFigure B.3 \u2013 Activities and dependencies for activity: High-level risk assessment <\/td>\n<\/tr>\n
146<\/td>\nFigure B.4 \u2013 Activities and dependencies for activity: Detailed risk assessment
Figure B.5 \u2013 Activities and dependencies for activity: Establish security policy, organization and awareness <\/td>\n<\/tr>\n
147<\/td>\nFigure B.6 \u2013 Training and assignment of organization responsibilities <\/td>\n<\/tr>\n
148<\/td>\nFigure B.7 \u2013 Activities and dependencies for activity: Select and implement countermeasures <\/td>\n<\/tr>\n
149<\/td>\nFigure B.8 \u2013 Activities and dependencies for activity: Maintain the CSMS <\/td>\n<\/tr>\n
150<\/td>\nAnnex C (informative) Mapping of requirements to ISO\/IEC 27001
Table C.1 \u2013 Mapping of requirements in this standard to ISO\/IEC 27001 references <\/td>\n<\/tr>\n
154<\/td>\nTable C.2 \u2013 Mapping of ISO\/IEC 27001 requirements to this standard <\/td>\n<\/tr>\n
158<\/td>\nBibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Industrial communication networks. Network and system security – Establishing an industrial automation and control system security program<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2011<\/td>\n164<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":244130,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[668,2641],"product_tag":[],"class_list":{"0":"post-244123","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-100-05","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/244123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/244130"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=244123"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=244123"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=244123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}