參考文獻

[1] GB/T 30976.1-2014 工業控制系統信息安全 第1部分評估規范
[2] GB/T 26333-2010 工業控制網絡安全風險評估規范
[3] GB/T18336.1-2001 信息技術安全技術信息技術安全性評估準則
[4] ISO/IEC 27005:2008 Information Technology – Security techniques -Information security risk management
[5 ] IEC 6244332,Industrial communication networks–Network and system security–Part3-2:Security levels for zones and conduits9
[6] IEC 6244342,Industrial communication networks–Network and system security–Part4-2:Technical security requirements for IACS components11
[7] IEC 6244341,Industrial communication networks–Network and system security–Part4-1: Product development requirements10
[8] IEC/TR 6244312,Industrial communication networks–Network and system security–Part1-2:Master glossary of terms and abbreviations3
[9] IEC/TS 6244313,Industrial communication networks–Network and system security–Part1-3:System security compliancemetrics4
[10] IEC/TR6244314,Industrial communication networks–Network and system security–Part1-4: IACS security life cycle and use - case5
[11] IEC/TR 6244322,Industrial communication networks–Network and system security–Part2-2: Implementation guidance for an IACS security management system6
[12] IEC/TR6244323,Industrial communication networks–Network and system security–Part2-3:Patch management in the IACS environment7
[13] IEC 6244324,Industrial communication networks–Network and system security–Part2-4: Installation and maintenance requirements for IACS suppliers8
[14] IEC/TR 6244331,Industrial communication networks–Network and system security–Part3-1:Security technologies for industrial automation and control systems
[15] NIST Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security
[16] NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations