참고문헌
- ISO/IEC 27001:2005, Information technology - Security techniques - Information security management systems - Requirements, October 2005.
- ISO/IEC 27002:2005, Information technology - Code of practice for information security management, June 2005.
- ISO/IEC TR 19791:2010(E), Information technology - Security techniques - Security assessment of operational systems, April 2010.
- NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems, July 2002.
- NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010.
- NIST Special Publication 800-39, Managing Information Security Risk, March 2011.
- NIST Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems, August 2009.
- NIST Special Publication 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems, 2010.
- NIST Special Publication 800-64 Revision 2, Security Considerations in the System Development Life Cycle, October 2008.
- NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security, June 2011.
- Regulatory Guide 1.152 revision 2, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, U.S. Nuclear Regulatory Commission, January 2006.
- 10 CFR Part 73.54, Protection of Digital Computer and Communication Systems and Networks, U.S. Nuclear Regulatory Commission, Washington, DC.
- Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, U.S. Nuclear Regulatory Commission, January 2010.
- Draft Regulatory Guide DG-1249, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, U.S. Nuclear Regulatory Commission, June 2010.
- Draft IAEA Technical Guidance, Computer Security at Nuclear Facilities, International Atomic Energy Agency, 2010.
- IEEE Standard 7-4.3.2-2010, Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations, August 2, 2010.
- NRC Standard Review Plan NUREG-0800 Chapter 7.0 Instrumentation and Controls - Overview of Review Process, Revision 6, May 2010.
- NEI 04-04 Revision 1, Cyber Security Program for Power Reactors, Nuclear Energy Institute, November 18, 2005.
- Critical Infrastructure Protection, Challenges and Efforts to Secure Control Systems, GAO-04-354, United States General Accounting Office, March 2004.
- Common Cyber Security Vulnerabilities Observed in DHS Industrial Control Systems Assessments, Department of Homeland Security, July 2009.
- Recommended Practice: Improving Industrial Control Systems Cyber security with Defense-In-Depth Strategies, Department of Homeland Security, October 2009.
- INL/EXT-10-18381, NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses, Idaho National Laboratory Idaho Falls, Idaho 83415, May 2010.
- NIST National Vulnerability Database version 2.2, http://nvd.nist.gov/home.cfm.
- Common Vulnerability and Exposures (CVE), http://cve.mitre.org.
- Dong-Young Lee, Jong-Gyun Choi, and Joon Lyou, A Safety Assessment Methodology for a Digital Reactor Protection System, International Journal of Control, Automation, and Systems, vol. 4, no. 1, pp. 105-112, February 2006.
피인용 문헌
- An analytical method for developing appropriate protection profiles of Instrumentation & Control System for nuclear power plants pp.1573-0484, 2017, https://doi.org/10.1007/s11227-017-2034-6