Skip to main content
Article
Which Organisational Model Meets Best Practice Criterion for Critical Infrastructure Providers: An Examination of The Australian Perspective Based on Case Studies
International Cyber Resilience conference
  • Andrew Woodward, Edith Cowan University
  • Craig Valli, Edith Cowan University
Publication Date
8-23-2010
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Security Research Centre, Edith Cowan University, Perth, Western Australia
Comments
Originally published in the Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010
Abstract

While it is recognised that there must be segregation between corporate and process control networks in order to achieve a higher level of security, there is evidence that this is not occurring. Computer and network vulnerability assessments were carried out on three Australian critical infrastructure providers to determine their level of security. The security measures implemented by each organisation have been mapped against best practice recommendations for achieving segregation between process control and corporate networks. One of the organisations used a model which provided a dedicated information security team for provision of security for the process control networks. One of the other organisations relied heavily on outsourcing for their IT security, and a third used in house corporate IT for their process control security. It was found that the organisation using a dedicated IT security team that worked within the process control group achieved the highest level of security when mapped to best practice. This paper concludes that best practice recommendations for critical infrastructure providers should also include guidelines for the organizational structure, and further, that dedicated IT security personnel be placed within the process control group.

Disciplines
Citation Information
Andrew Woodward and Craig Valli. "Which Organisational Model Meets Best Practice Criterion for Critical Infrastructure Providers: An Examination of The Australian Perspective Based on Case Studies" (2010)
Available at: http://works.bepress.com/craig_valli/53/