
: 1.

: 16 2012


ATM/ANS

1.0

18 MAY 2012

-
SecMS, ISMS, Asset, Threat, Threat Agent, Risk, Risk Appetite, Risk Assessment-Risk Mitigation,
Risk Controls, SoA (Statement of Applicability)

I :

+30 210 8984139

+30 210 8984135

SQS ()

EATMP

MEDIA
:
Media:

MS WORD 2007



17-05-2012

()


()


17-05-2012

SQS

1.

(Asset ): .
(Threat):
/ .
(Threat Agent): : , ,

(Security Incident):
, /.
, (Vulnerability):
(threat agent).
(Risk): ,
.
(Risk assessment): .
(Risk mitigation):
.
(Risk controls):
, , .
(Risk appetite): safety
(acceptable level of safety).
.
SecMS: .
ISMS: .
(Scope): Assets
.
SoA (Statement of Applicability): (Controls)
.


1.

...................................................................................................................................................... 3

2.

................................................................................................................................................... 5

3.

.............................................................................................................................................. 5

4.

.................................................................................................................................................. 5

5.

......................................................................... 5

6.

................................................................................................................................................. 5

7.

.............................................................................................................................................. 5

8.

................................................................................................................................................... 6

9.

(ACCEPTABLE MEANS OF COMPLIANCE /AMC)............................. 6

10.

....................................................................................................................................... 6

11.

(SecMS) ................................................................................. 7

12.

........................ 8

13.

, ,
& ....................................................................................................................................... 9

14.

,
................................................................................................................................................................................. 10

15.

(INFORMATION SECURITY MANAGEMENT SYSTEM/ISMS) .................................... 11

16.

.................................................................................................................................................... 12

17.

(GUIDANCE MATERIAL)...................................................................................................... 12

18.

...................................................................................................................................................... 13

2.


() ATM/ANS (
), ,
() 150/2007 ,
4.3.5 (ATM Security
oversight).
(assets)

.

3.

( 1035/2011)

(SecMS), ATM/ANS

.
() ATM/ANS
.

4.

ATM/ANS.

5.

150/2007
(--) .

6.

,
Annex I 1035/2011,
(SecMS).

7.

8.


( ) .
,
.

9.

(ACCEPTABLE MEANS OF
COMPLIANCE /AMC)

ISO
(Accredited Body)
.
,
4 Annex I 1035/2011
,
.

10.

1035/2011, Annex I, 4, .

:
1) , (, , )

ATM/ANS (Aeronautical Assets), (
) (
) .

,
, ,
,
, ,


.
2)
, ,
.
3) :
(threats),
,
,
.
4)
,


.
5)
, ,

.
6) ,
.

11.

(SecMS)

(QMS, SMS, ENVMS)


(SecMS) ,
Deming: Plan-Do-Check-Act (PDCA).
( Policy) -
(Objectives)

.
:
1) (Business Requirements).
2) (Regulatory Requirements).
3) (Responsibilities, Accountabilities).
4) , , /
,
.


:
1)
( , ).
2) .
3) - , .
4) (.. ).
5) .
6) (Review).
7) .
8) .

12.

1) (Assets Registry)
.
2) (Security Criticality).
3) ,

.
4) (threats) .
5) (vulnerabilities).
6) , .
7) / (back ups)
(business continuity), /
(degraded mode).
8) , ,
, , ,
,
, ,
- .
.
, ,
, , screening, .
,
, passwords, firewalls, (IDS intrusion detection system), CRC (cyclic redundancy checks) (data integrity).

13.

, ,
&

(Assets)
(, ),
(data), (hardware/software) ,
,
.
ISO 27001:2005
:
1) (confidentiality)
2) (integrity)
3) (availability)
(confidentiality)

, .
,
(encryption), (restricted access)
(physical protection),
, , (logical
protection) password.
( )

server,
(.. server) ()
,
.

,
, background check , .
/

(integrity)
(digits)
(corrupted) , ,
(operational logs).

(metadata)
(non repudiation).
CRC (cyclic redundancy checks) IDS (intrusion
detection systems).
, AIS,
(. ICAO Annex 15, Critical data, essential data, routine data,
73/2010).
(availability)
.
(back up)
(Restore),
(multiple storage), ,
(capacity planning) server ,
, .

14.

(Low) :


.
(Medium):

.
.
,
,
.
(High):
,
.



, , ,
.

(Low):

.
(Medium):
/
.
(High):
/ .

(Low):
7
.
(Medium):
48
.
(High):
24 .

15.

(INFORMATION SECURITY
MANAGEMENT SYSTEM/ISMS)

:
1. (scope), assets
.
2. (policy) ..
, , .
3. assets
(vulnerabilities) risk register.


4. risk assessment (threats)
.
5. risk treatment, .
6. management approval,
, , (.. )
.
7. SoA (Statement of Applicability), .
8. Controls,
.

16.

:
ICAO Annex 15
1035/2011, 4, Security,
73/2010,

:
()

17.

(GUIDANCE MATERIAL)

ATM/ANS
EUROCONTROL extranet login.
One sky Teams/ATM Security Team/Library/Derivables & Publications
ATM Threat Model, Critical Asset Identification Methodology, ICT Security Guidelines, Security
Management Handbook, Security Risk Assessment Methodology.



18.



1. Policy

Element 1: Policy

2. Security risk assessment & planning


Element 2: Security risk assessment
Element 3: Legal, statutory, regulatory and other security requirements
Element 4: Security management objectives
Element 5: Security management targets
Element 6: Security management programmes

3. Implementation & operation


Element 7: Structure, authority and responsibility for security management
Element 8: Competence, training and awareness
Element 9: Communication
Element 10: Documentation and document control
Element 11: Operational control
Element 12: Emergency preparedness, response and security recovery

4. Checking & corrective action


Element 13: Security performance measurement and monitoring
Element 14: System evaluation
Element 15: Security related failures, incidents, non-conformances and corrective and preventive
action
Element 16: Control of records
Element 17: Audit

5. Management review and continual improvement


Element 18: Review and continual improvement

Source: Security Management Handbook, ed.1.0, p.14.


