Management of Information Security for an Electric Power Utility—On Security Domains and Use of ISO/IEC17799 Standard

The issue of information security has become a major concern for the electric power utilities. An increasing amount of money is being spent on the handling of information security. But the issue is delicate. Even though a utility may spend a fortune, it cannot be sure that it is doing the right thing at the right level of expenditures. Therefore, increasing efforts are being put into raising the awareness of information security. Here, the work in Cigré JointWorking Group D2/B3/C2-01 “Security for Information Systems and Intranets in Electric Power Systems” is presented. The paper focuses on: stressing the importance of handling information security within an electric utility, the dealing with various threats and vulnerabilities, the evolution of Power Utility Information Systems from isolated to fully integrated systems, the concept of using security domains for dealing with information security within an electric utility, and the use of the ISO/IEC 17799 standard.