Information security based on international standards
When it's a question of top-level data security, information and IT security standards such as ISO 27001, ISO 27002, SANS 20, IEC 62443 or NERC CIP are often required. At the same time, these standards are core components of IT security laws in Asia-Pacific that apply to suppliers and operators of critical infrastructure. As a result, in the implementation phase the law requires an information security management system that complies with DIN ISO/IEC 27001, for instance. Some companies affected by IT security legislation have already started to prepare for certification, and others will soon follow. For energy utility and railway customers, this is an important signal that their suppliers are taking the necessary measures to maintain and consistently improve information security.
To conclude, it is important to have a concept that entails compliance with superior security requirements, certified staff, central management of the communications systems and the use of encryption technologies. The communications system should fulfil the standards relevant to the industry, and at the same time comply with the demanding requirements of operators of mission-critical networks with regard to high levels of reliability and low maintenance. It should also provide a high level of flexibility and security by using programmable FPGAs and hardware-based random number generators, and an encryption solution that is easy to update and therefore a good long-term investment.