Home
FT
STOP-IT Quantity FT
STOP-IT Water Quality FT
Import
List
SP Wizard
Risknought
Lists
Measures
Events
Tools
ST Procedures
Search
Login
Measure: InformationSecurityManagementSystem
Description
Implementation of an Information Security Management System (ISMS). The ISMS enables the implementation and continuous application of a thought out and effective information security process. The aim is to provide a general concept for a continuosly updated information security in a water utility.
Comments
An ISMS should be tailored to the existing management structures of the specific water utility. Due to different conditions existing in each site and utility, there cannot be one ISMS fitting as general system for all utilites. Thus there is a need of customization in each case.
Event source types
External attacker
Internal attacker
Human fault
External supplier
Event types
Destruction
Manipulation
Risk reduction mechanism
Frequency/Likelihood
Threat Types
Cyber
Cyber-Physical
Action characteristics
Proactive
Measure types
Physical Barriers
Action and Crisis Management Plans and Training
event_ measures
Event-Measure: 98479
Event-Measure: 98608
Event-Measure: 98611
Event-Measure: 98641
Event-Measure: 98721
Event-Measure: 98888
Event-Measure: 98904
Event-Measure: 99005
Event-Measure: 99028
Event-Measure: 99123
Event-Measure: 99179
Event-Measure: 99402
Event-Measure: 99558
Event-Measure: 99662
Event-Measure: 99713
Event-Measure: 99780
Event-Measure: 99824
Event-Measure: 99855
Event-Measure: 99948
Event-Measure: 100083
Event-Measure: 100118
Event-Measure: 100245
Event-Measure: 100391
Event-Measure: 100587
Event-Measure: 100739
Event-Measure: 100760
Event-Measure: 100887
Event-Measure: 100902
Event-Measure: 101022
Event-Measure: 101073
Event-Measure: 101150
Event-Measure: 101206
Event-Measure: 101292
Event-Measure: 101300
Event-Measure: 101306
Event-Measure: 101308
Event-Measure: 101314
Event-Measure: 101349
Event-Measure: 101438
Event-Measure: 101443
Event-Measure: 101473
Event-Measure: 101582
Event-Measure: 101597
Event-Measure: 101686
Event-Measure: 101831
Event-Measure: 101868
Event-Measure: 101943
Event-Measure: 101986
Event-Measure: 102389
Event-Measure: 102446
Event-Measure: 102530
Event-Measure: 102581
Event-Measure: 102833
Event-Measure: 103116
Event-Measure: 103188
Event-Measure: 103230
Event-Measure: 103331
Event-Measure: 103343
Event-Measure: 103523
Event-Measure: 103645
Event-Measure: 103730
Event-Measure: 103754
Event-Measure: 103867
Event-Measure: 103909
Event-Measure: 103984
Event Consequences
Quantity
Quality
Financial
Reputation
Asset types
Drinking Water Network
Drinking Water Tanks
Pressure Boosting Station
Water Abstraction Points
Water Treatment Plants
Events
Basic Event 276 - SQL injection to data used for demand prediction
Basic Event 277 - Malware tampers network topology characteristics on prediction models (e.g. tank volume curve)
Gate 193 - Surface water management system functions on altered data
Basic Event 250 - Malware alters PLC statements that control pump
Basic Event 278 - Ransomware wipes out WDN control system files
Basic Event 217 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 214 - Undetected SCADA hijacking software takes control of WTP operation
Basic Event 219 - DoS attack to WTP process system PLC
Basic Event 215 - Man-in-the-Middle attack manipulates WTP control signals
Basic Event 194 - External person manipulates transmission wires of wells
Gate 113 - Lower efficiency of WTP disinfectant undetected
Basic Event 236 - Man-in-the-Middle attack manipulates WDN tank level sensor signals
Basic Event 216 - Incorrect execution or failure of software acquired from an external party crashes WTP control system
Basic Event 195 - External person manipulates data transmission system of wells
Basic Event 159 - Incorrect execution or failure of software acquired from an external party crashes WTP control system
Basic Event 196 - Man-in-the-Middle attack manipulates well sensor signal
Basic Event 160 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 156 - Man-in-the-Middle attack manipulates abstraction point quality sensors
Gate 177 - Staff or PLC controlled processes run on altered WTP data
Gate 111 - Insufficient disinfection due to loss of WTP control
Basic Event 47 - Internal person physically destroys WTP sensors
Basic Event 279 - Malware corrupts prediction model database
Basic Event 157 - Man-in-the-Middle attack manipulates WDN quality sensor readings
Basic Event 48 - External person physically manipulates WTP sensor readings
Basic Event 63 - Undetected SCADA hijacking software takes control of WTP operation
Basic Event 151 - External person physicaly manipulates tank quality sensor readings
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 281 - Incorrect execution or failure of software acquired from an external party crashes WDN control system
Basic Event 282 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 264 - Malware alters PLC statements that control valve
Basic Event 227 - Fake news about contamination in WTP using manipulated water company public communication
Basic Event 265 - Man-in-the-Middle attack manipulates WDN valve sensor signals
Basic Event 257 - Incorrect execution or failure of software acquired from an external party crashes PBS control system
Basic Event 169 - Man-in-the-Middle attack manipulates surface water system sensor signal
Basic Event 240 - Upadate of OS causes false positive alarms from Event Detection System
Basic Event 64 - Man-in-the-Middle attack manipulates WTP control signals
Gate 260 - WDN control system manipulated
Basic Event 167 - External person physically manipulates surface water system sensor readings
Basic Event 267 - Man-in-the-Middle attack manipulates WDN valve control signals
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 168 - External person physically manipulates surface water system sensor readings
Basic Event 189 - Man-in-the-Middle attack manipulates groundwater quality sensor signal
Basic Event 211 - External attacker manipulates WTP transmission devices
Basic Event 209 - External person physically manipulates WTP sensor readings
Basic Event 170 - External attacker manipulates surface water system transmission devices
Basic Event 180 - Incorrect execution or failure of software acquired from an external party crashes reservoir control system
Basic Event 252 - Man-in-the-Middle attack manipulates WDN PBS sensor signals
Basic Event 151 - External person physicaly manipulates tank quality sensor readings
Basic Event 200 - Incorrect execution or failure of software acquired from an external party crashes abstraction well control system
Basic Event 49 - Internal person physically manipulates WTP sensor readings
Basic Event 201 - Malware performs DoS attack on abstraction well PLCs
Basic Event 50 - Man-in-the-Middle attack manipulates WTP sensor signal
Gate 186 - Quality verification process runs on altered WTP data
Basic Event 51 - Internal cyber manipulation of WTP sensor signal
Basic Event 65 - DoS attack to dosing system PLC
Basic Event 153 - External attacker manipulates WTP transmission devices
Gate 239 - Mislead PLC controlled WDN tank refill process
Basic Event 155 - External person physicaly manipulates abstraction point quality sensor readings
Basic Event 210 - Man-in-the-Middle attack manipulates WTP sensor signal
Basic Event 218 - Accidental errors by authorized user while maintaining information system
Basic Event 66 - No back-up alternative for WTP dosing system PLC
Basic Event 237 - Malware alters PLC statements that control WDN tank refill
Basic Event 275 - Malware alters WDN control statements
Basic Event 261 - Undetected SCADA hijacking software takes control of PBS operation
Gate 220 - Staff or PLC controlled hydraulic processes run on altered WTP data
Specific Assets
Control System
Media Channels
Sensor
Server
Transferred Information
Transmission Devices
Measure ID
M43
Name
InformationSecurityManagementSystem
Risk reduction mechanism
Frequency/Likelihood
Action characteristics
Proactive