The Study on the Information Security Audit Guideline for SCADA System

The advancement of information technology has brought many changes in the business environment, including the automation of large industrial facilities. Electric power, water resources, energy, transportation, telecommunication, etc. compose the key infra structure of a nation which is a founding ground for economic development, stable lives of citizens, and national security, and the factors are manipulated by industry control system. Furthermore, changes in business environment integrate all the systems in organizations and it enables the integration of business information systems and industry control system. Therefore, standardization of industry control system and transition to open system are being pursued and security is becoming more important. Researchers are conducting studies about control system security in various areas such as technology, management, environment, etc. Nevertheless, there still are not many researches on the topics of control system audit. Many nations are enhancing information system audit of government and key public system and are considering security audit system for control systems such as key information telecommunication infra, which affect national security. This research provided the basis of quality audit by suggesting information security architecture and information security audit framework & audit guideline for control system audit.