Ingenierías USBMed
How to Cite
Torres Valero, R. A., Medina Becerra, F. A., & Mendoza Moreno, M. Ángel. (2020). Methodological proposal for the cybersecurity audit applied to a SCADA system. Ingenierías USBmed, 11(2), 62–70. https://doi.org/10.21500/20275846.4307
License terms

This journal provides immediate free access to its contents, on the principle that making research results freely available to the public supports a greater global exchange of knowledge.

Therefore, the journal invokes the Creative Commons 4.0

License attributions: Recognition – Non-commercial – Share equal. Commercial use and distribution of original or derivative works are not permitted and must be done with an equal license as the one that regulates the original work.

Abstract

Information is currently considered an important factor for a company and forms the backbone of its competitiveness, so automation systems that provide Supervisory Control And Data Acquisition (SCADA) are required. Organizations use this type of system not only to improve the efficiency and effectiveness of their processes but also to protect their industrial safety; with increased competitiveness, however, come risks that jeopardize the organization's operations. Given this situation, this document presents a methodology to guide the inspection process in order to mitigate risk in the operational area of the organization, recognizing that its administrative area already has a significant number of programs and methodologies that have established it as safe. In that context, the research led to the proposal of a quantitative and descriptive methodology based on literature review techniques, mainly the use of search equations.


