Paper Number

1698

Paper Type

Complete Research Paper

Abstract

The distinct security challenges and characteristics inherent in Industrial Automation and Control Systems (IACS) within the Industrial Internet of Things (IIoT) have driven the adoption of security standards. Adhering to these standards mandates continuous and automated monitoring of Security Requirements (SRs) specific to the standard. This paper proposes a Security Compliance Monitoring and Verification (SCMV) framework that describes the key components and interactions for ongoing compliance assessment. The modular framework allows extensions or modifications of individual components. In addition, we demonstrate the potential of SCMV through the integration of process-related information, in particular BPMN annotations. This integration improves the visibility of the implemented security measures, enabling a comprehensive approach to achieving full compliance with security standards.

Jun 14th, 12:00 AM

Process-Aware Security Standard Compliance Monitoring and Verification for the IIoT
