Security for the Utility Business
DavidBBartlett 0600017MDJ 2,837 Views
IT defense-in-depth security design principles state that one gets better security enforcement when an entity is protected by not just one layer or one component, but by multiple, diverse mechanisms. These and many other IT security principles (such as segmentation of network zones, least privileges) are covered by IT security standards ISO 27002:2005 and ISO 15408. They cover areas such as trusted and consistent identities, authentication and access control, information flow control, audit and compliance and business and IT resiliency. Any energy and utility organization will need to build upon these same principles and objectives for their corporate business and IT infrastructures.