Author:
Péter Hunorfi, Óbuda University, Doctoral School on Safety and Security Sciences, Budapest, Hungary

https://orcid.org/0009-0000-3578-1909
Open access

Abstract (Hungarian original, translated): Applying the ISO/IEC 27001 standard enables organizations that operate OT systems to develop a comprehensive and coherent security strategy that integrates risk management with best practices in information protection. ISO/IEC 27001 emphasizes the need for top management commitment, precise definition of scope, risk assessment, selection of appropriate security controls, and continuous review and improvement of the management system. These steps are key to maintaining the security of OT systems and strengthening their defence against cyberattacks. Applying ISO/IEC 27001 in an OT environment not only increases the effectiveness of security measures but also contributes to maintaining business continuity, increasing customer trust and meeting regulatory requirements. The main conclusion of recently published Hungarian and international cybersecurity reports on OT/ICS systems is that both the number and the sophistication of threats are growing continuously. It is a fundamental interest of nations and organizations to minimize these risks and to protect their OT/ICS systems in cyberspace as effectively as possible. The most appropriate way to do so is a standards-based approach to cyber defence and the effective application of its recommendations. This article presents the key steps, benefits and practical use of applying ISO/IEC 27001 to OT/ICS systems.

OT (Operational Technology) systems are the technology that manages and controls physical processes and industrial assets. They are found primarily in industry, the energy sector, transportation and infrastructure; further examples include BMS (Building Management Systems), CCTV (Closed-Circuit Television), SSM (Safety and Security Management) and HMI (Human-Machine Interface) systems. OT differs from IT (Information Technology), which focuses on data processing and information management, in that OT systems are designed to control physical processes and industrial assets such as production lines, power distribution networks or transportation systems. Organizations that operate cyber-physical systems, particularly industrial systems, critical infrastructure or other legacy systems, face significant cybersecurity challenges: these systems often consist of components that were not designed with security or modern connectivity in mind. As OT systems are increasingly connected to IT systems, the risk of cyberattacks rises. Older devices often lack current security protocols, and the absence of applied industrial security standards leaves them vulnerable. The growing frequency of cyberattacks can have severe consequences for operational processes and safety. What makes OT systems unique is their impact on the physical world: a cyberattack can lead not only to data loss but also to potentially life-threatening situations. Implementing the ISO/IEC 27001 standard enables organizations operating OT systems to develop a comprehensive and coherent security strategy that integrates risk management with best practices in information protection. ISO/IEC 27001 emphasizes the necessity of senior management commitment, precise definition of scope, risk assessment, selection of appropriate security controls, and continuous review and improvement of the management system.
These steps are crucial for maintaining the security of OT systems and strengthening protection against cyberattacks. Applying ISO/IEC 27001 in an OT environment not only enhances the effectiveness of security measures but also contributes to maintaining business continuity, increasing customer trust and meeting regulatory requirements. The Dragos 2023 Year in Review and the BlackCell reports describe several practices and principles that support the requirements and objectives of ISO/IEC 27001: continuous risk assessment, mature incident management, ongoing improvement of security measures, and robust network segmentation and monitoring. By following these recommendations, organizations can manage cybersecurity risks effectively and improve their information security performance, remaining resilient against an ever-changing threat landscape.

  • Backes, M., Pfitzmann, B., & Waidner, M. (2006) Soundness Limits of Dolev-Yao Models. In: Workshop on Formal and Computational Cryptography (FCC 2006).
  • Baheti, R., & Gill, H. (2011) Cyber-physical systems. The Impact of Control Technology 12, pp. 161–166.
  • Barraza de la Paz, J. V., Rodríguez-Picón, L. A., Morales-Rocha, V., & Torres-Argüelles, S. V. (2023) A systematic review of risk management methodologies for complex organizations in Industry 4.0 and 5.0. Systems 11, p. 218.
  • Chavez, S., Anahue, J., & Ticona, W. (2024) Implementation of an ISMS Based on ISO/IEC 27001:2022 to Improve Information Security in the Internet Services Sector. In: 14th International Conference on Cloud Computing, Data Science & Engineering 2024 (Confluence). IEEE. pp. 184–189.
  • International Organization for Standardization & International Electrotechnical Commission (2022) ISO/IEC 27001:2022 Information security management systems. https://www.iso.org/standard/27001
  • Dragos (2024) OT Cybersecurity: The 2023 Year in Review.
  • Farkas T. (2023) A kommunikációs és információs rendszerek értelmezése napjainkban: követelmények és kihívások [Interpreting communication and information systems today: requirements and challenges]. In: Új típusú kihívások az infokommunikációban [New types of challenges in infocommunication]. pp. 11–30.
  • Feng, T., Zhang, B., Liu, C., & Zheng, L. (2024) Security assessment and improvement of building ethernet KNXnet/IP protocol. Discover Applied Sciences 6, p. 162.
  • Iturbe, E., Rios, E., Mansell, J., & Toledo, N. (2023) Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. In: 2023 International Conference on Electrical, Computer and Energy Technologies (ICECET). IEEE. pp. 1–6.
  • Kocsis T. (2019) ICS/OT Snapshot 2019. Riport a hazai, interneten elérhető ipari vezérlők felhasználásáról [Report on Hungarian industrial controllers reachable from the internet].
  • Michelberger P. (2024) Fejezetek a vállalati biztonságmenedzsmentből [Chapters in corporate security management]. Budapest, Akadémiai Kiadó.
  • Prasetyani, L., Dini, A., & Ma’arif, E. (2021) Automation Control Design of a Storage Machine Based on Omron PLC System. pp. 30–34.
  • Ratzer, A. V., Wells, L., Lassen, H. M., Laursen, M., Qvortrup, J. F., Stissing, M. S., Westergaard, M., Christensen, S., & Jensen, K. (2003) CPN tools for editing, simulating, and analysing coloured Petri nets. In: International Conference on Application and Theory of Petri Nets. Springer. pp. 450–462.
  • Sario, A. (2019) What is Operational Technology? https://www.engineeringinreallife.com/post/what-is-operational-technology
  • Scheidegger, B. (2013) Smart eagle: Advanced external monitoring of heterogeneous networks. Master’s Thesis. ETH Zürich.
  • Stouffer, K. (2023) Guide to Operational Technology (OT) Security (NIST SP 800-82r3). National Institute of Standards and Technology, Gaithersburg, MD.
  • Tsvetanov, T., & Slaria, S. (2021) The effect of the Colonial Pipeline shutdown on gasoline prices. Economics Letters 209, 110122.
  • Vacherot, C. (2020) Sneak into buildings with KNXnet/IP.
  • Watkins, S. (2022) ISO/IEC 27001:2022. An introduction to information security and the ISMS standard. IT Governance Publishing, Ely, Cambridgeshire.
  • Zelmati, M., Oulqaid, Z., & Elouadi, A. (2023) Real-time Tracking of Auditing Process Progress with a Customizable Application for Cybersecurity Standards Compliance: A Case Study on ISO 27001 and TISAX. In: 10th International Conference on Wireless Networks and Mobile Communications 2023 (WINCOM). IEEE. pp. 1–7.

Editor-in-Chief:

Founding Editor-in-Chief:

  • Tamás NÉMETH

Managing Editor:

  • István SABJANICS (Ministry of Interior, Budapest, Hungary)

Editorial Board:

  • Attila ASZÓDI (Budapest University of Technology and Economics)
  • Zoltán BIRKNER (University of Pannonia)
  • Valéria CSÉPE (Research Centre for Natural Sciences, Brain Imaging Centre)
  • Gergely DELI (University of Public Service)
  • Tamás DEZSŐ (Migration Research Institute)
  • Imre DOBÁK (University of Public Service)
  • Marcell Gyula GÁSPÁR (University of Miskolc)
  • József HALLER (University of Public Service)
  • Charaf HASSAN (Budapest University of Technology and Economics)
  • Zoltán GYŐRI (Hungaricum Committee)
  • János JÓZSA (Budapest University of Technology and Economics)
  • András KOLTAY (National Media and Infocommunications Authority)
  • Gábor KOVÁCS (University of Public Service)
  • Levente KOVÁCS (Óbuda University)
  • Melinda KOVÁCS (Hungarian University of Agriculture and Life Sciences (MATE))
  • Miklós MARÓTH (Avicenna Institute of Middle Eastern Studies)
  • Judit MÓGOR (Ministry of Interior National Directorate General for Disaster Management)
  • József PALLO (University of Public Service)
  • István SABJANICS (Ministry of Interior)
  • Péter SZABÓ (Hungarian University of Agriculture and Life Sciences (MATE))
  • Miklós SZÓCSKA (Semmelweis University)

Ministry of Interior
Science Strategy and Coordination Department
Address: H-2090 Remeteszőlős, Nagykovácsi út 3.
Phone: (+36 26) 795 906
E-mail: scietsec@bm.gov.hu

DOAJ

2023  
CrossRef Documents 32
CrossRef Cites 15
Days from submission to acceptance 59
Days from acceptance to publication 104
Acceptance Rate 81%

2022  
CrossRef Documents 38
CrossRef Cites 10
Days from submission to acceptance 54
Days from acceptance to publication 78
Acceptance Rate 84%

2021  
CrossRef Documents 46
CrossRef Cites 0
Days from submission to acceptance 33
Days from acceptance to publication 85
Acceptance Rate 93%

2020  
CrossRef Documents 13
CrossRef Cites 0
Days from submission to acceptance 30
Days from acceptance to publication 62
Acceptance Rate 93%

Publication Model Gold Open Access
Submission Fee none
Article Processing Charge none

Scientia et Securitas
Language: Hungarian, English
Size: A4
Year of Foundation: 2020
Volumes per Year: 1
Issues per Year: 4
Founder: Academic Council of Home Affairs and Association of Hungarian PhD and DLA Candidates
Founder's Address: H-2090 Remeteszőlős, Hungary, Nagykovácsi út 3.; H-1055 Budapest, Hungary, Falk Miksa utca 1.
Publisher: Akadémiai Kiadó
Publisher's Address: H-1117 Budapest, Hungary; 1516 Budapest, PO Box 245.
Responsible Publisher: Chief Executive Officer, Akadémiai Kiadó
Applied Licenses: CC-BY 4.0, CC-BY-NC 4.0
ISSN: 2732-2688 (online), 3057-9759 (print)

Monthly Content Usage

Abstract Views Full Text Views PDF Downloads
Aug 2024 0 0 0
Sep 2024 0 0 0
Oct 2024 0 0 0
Nov 2024 0 0 0
Dec 2024 0 15581 97
Jan 2025 0 25735 35
Feb 2025 0 0 0