IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v12y2016icp12-26.html
   My bibliography  Save this article

Current practices and challenges in industrial control organizations regarding information security incident management – Does size matter? Information security incident management in large and small industrial control organizations

Author

Listed:
  • Bartnes Line, Maria
  • Anne Tøndel, Inger
  • Jaatun, Martin G.

Abstract

This paper reports on the results of an interview study that surveyed current practices regarding information security incident management in small and large distribution system operators (DSOs) in the Norwegian electric power industry. The findings indicate that current risk perception and preparedness are low, especially among small electricity distribution system operators. Further, small distribution system operators rely heavily on their suppliers should incidents occur. At the same time, small distribution system operators are confident that they can handle the worst-case scenarios. This paper documents current perceptions and discusses the extent to which they are likely to hold given the transition towards smart electric grids. Several recommendations are provided based on the findings and the accompanying discussion. In particular, small distribution system operators should strengthen the collaboration with their information technology (IT) suppliers and other small distribution system operators. Furthermore, distribution system operators in general should establish written documentation of procedures, perform preparedness exercises and improve detection capabilities in control systems.

Suggested Citation

  • Bartnes Line, Maria & Anne Tøndel, Inger & Jaatun, Martin G., 2016. "Current practices and challenges in industrial control organizations regarding information security incident management – Does size matter? Information security incident management in large and small ," International Journal of Critical Infrastructure Protection, Elsevier, vol. 12(C), pages 12-26.
    • Handle: RePEc:eee:ijocip:v:12:y:2016:i:c:p:12-26
    DOI: 10.1016/j.ijcip.2015.12.003
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548215000815
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2015.12.003?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Jaatun, Martin Gilje & Albrechtsen, Eirik & Line, Maria B. & Tøndel, Inger Anne & Longva, Odd Helge, 2009. "A framework for incident response management in the petroleum industry," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(1), pages 26-37.
    2. Thomas Diefenbach, 2009. "Are case studies more than sophisticated storytelling?: Methodological problems of qualitative empirical research mainly based on semi-structured interviews," Quality & Quantity: International Journal of Methodology, Springer, vol. 43(6), pages 875-894, November.
    3. Terje Aven & Ortwin Renn, 2010. "Risk Management and Governance," Risk, Governance and Society, Springer, number 978-3-642-13926-0, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Staves, Alexander & Anderson, Tom & Balderstone, Harry & Green, Benjamin & Gouglidis, Antonios & Hutchison, David, 2022. "A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 37(C).
    2. Shrestha, Manish & Johansen, Christian & Noll, Josef & Roverso, Davide, 2020. "A Methodology for Security Classification applied to Smart Grid Infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 28(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Sisira S. Withanachchi & Ilia Kunchulia & Giorgi Ghambashidze & Rami Al Sidawi & Teo Urushadze & Angelika Ploeger, 2018. "Farmers’ Perception of Water Quality and Risks in the Mashavera River Basin, Georgia: Analyzing the Vulnerability of the Social-Ecological System through Community Perceptions," Sustainability, MDPI, vol. 10(9), pages 1-26, August.
    2. Aven, Terje & Renn, Ortwin, 2018. "Improving government policy on risk: Eight key principles," Reliability Engineering and System Safety, Elsevier, vol. 176(C), pages 230-241.
    3. Sven Ove Hansson & Terje Aven, 2014. "Is Risk Analysis Scientific?," Risk Analysis, John Wiley & Sons, vol. 34(7), pages 1173-1183, July.
    4. Robert Heckert, 2019. "Challenges for a Multiple Identity Organization: A Case Study of the Dutch Blood Supply Foundation," Corporate Reputation Review, Palgrave Macmillan, vol. 22(3), pages 101-119, August.
    5. Yang, Ya Ling, 2020. "Comparison of public perception and risk management decisions of aircraft noise near Taoyuan and Kaohsiung International Airports," Journal of Air Transport Management, Elsevier, vol. 85(C).
    6. Singh, Abhishek Narain & Gupta, M.P. & Ojha, Amitabh, 2014. "Identifying critical infrastructure sectors and their dependencies: An Indian scenario," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 71-85.
    7. Bjerga, Torbjørn & Aven, Terje, 2015. "Adaptive risk management using new risk perspectives – an example from the oil and gas industry," Reliability Engineering and System Safety, Elsevier, vol. 134(C), pages 75-82.
    8. Aven, Terje, 2013. "A conceptual framework for linking risk and the elements of the data–information–knowledge–wisdom (DIKW) hierarchy," Reliability Engineering and System Safety, Elsevier, vol. 111(C), pages 30-36.
    9. Leena Suopajärvi & Karin Beland Lindahl & Toni Eerola & Gregory Poelzer, 2023. "Social aspects of business risk in the mineral industry—political, reputational, and local acceptability risks facing mineral exploration and mining," Mineral Economics, Springer;Raw Materials Group (RMG);Luleå University of Technology, vol. 36(2), pages 321-331, June.
    10. Rao Faizan Ali & P.D.D. Dominic & Kashif Ali, 2020. "Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees," Sustainability, MDPI, vol. 12(20), pages 1-27, October.
    11. Natalia Vladimirovna Gryzunova & Victoria Ivanovna Pyatanova & Viktoriya Valeryevna Manuylenko & Konstantin Vasilievich Ordov, 2019. "Models of credit limit-setting for companies as means of encouraging competitiveness," Entrepreneurship and Sustainability Issues, VsI Entrepreneurship and Sustainability Center, vol. 7(1), pages 615-625, September.
    12. Nadja Thoma & Phil C. Langer, 2022. "Educational Transitions in War and Refugee Contexts: Youth Biographies in Afghanistan and Austria," Social Inclusion, Cogitatio Press, vol. 10(2), pages 302-312.
    13. Terje Aven & Ortwin Renn, 2012. "On the Risk Management and Risk Governance of Petroleum Operations in the Barents Sea Area," Risk Analysis, John Wiley & Sons, vol. 32(9), pages 1561-1575, September.
    14. Rudolf R. Sinkovics & Eva A. Alfoldi, 2012. "Progressive Focusing and Trustworthiness in Qualitative Research," Management International Review, Springer, vol. 52(6), pages 817-845, December.
    15. Roman Batko, 2021. "Evaluation of Audit Criteria for Cultural Institutions: A Research Report," European Research Studies Journal, European Research Studies Journal, vol. 0(1), pages 478-493.
    16. Grzegorz Drozdowski & Joanna Rogozińska-Mitrut & Jacek Stasiak, 2021. "The Empirical Analysis of the Core Competencies of the Company’s Resource Management Risk. Preliminary Study," Risks, MDPI, vol. 9(6), pages 1-12, June.
    17. Yanwei Li & Araz Taeihagh & Martin de Jong & Andreas Klinke, 2021. "Toward a Commonly Shared Public Policy Perspective for Analyzing Risk Coping Strategies," Risk Analysis, John Wiley & Sons, vol. 41(3), pages 519-532, March.
    18. Aven, Terje, 2013. "Practical implications of the new risk perspectives," Reliability Engineering and System Safety, Elsevier, vol. 115(C), pages 136-145.
    19. Aven, Terje, 2018. "How the integration of System 1-System 2 thinking and recent risk perspectives can improve risk assessment and management," Reliability Engineering and System Safety, Elsevier, vol. 180(C), pages 237-244.
    20. Aven, Terje & Krohn, Bodil S., 2014. "A new perspective on how to understand, assess and manage risk and the unforeseen," Reliability Engineering and System Safety, Elsevier, vol. 121(C), pages 1-10.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:12:y:2016:i:c:p:12-26. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.