Automated assessment of compliance with security best practices

Zahid Anwar, R H Campbell

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "acts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

Original languageEnglish (US)
Title of host publicationCritical Infrastructure Protection II
EditorsMauricio Papa, Sujeet Shenoi
Pages173-187
Number of pages15
DOIs
StatePublished - Nov 12 2008

Publication series

NameIFIP International Federation for Information Processing
Volume290
ISSN (Print)1571-5736

Keywords

  • Compliance assessment
  • First order logic
  • Security best practices

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint Dive into the research topics of 'Automated assessment of compliance with security best practices'. Together they form a unique fingerprint.

  • Cite this

    Anwar, Z., & Campbell, R. H. (2008). Automated assessment of compliance with security best practices. In M. Papa, & S. Shenoi (Eds.), Critical Infrastructure Protection II (pp. 173-187). (IFIP International Federation for Information Processing; Vol. 290). https://doi.org/10.1007/978-0-387-88523-0_13