RTCA Standard DO-392: Guidance for Security Event Management
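Note: For standards not listed in this web shop, please contact us separately.
Note: The standards listed are the latest editions that could be confirmed at the time they were listed in this web shop. Please be aware that we will reconfirm the latest publication status when we receive your order.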
Description
This document provides guidance on security event management for various stakeholders in the aviation environment, such as manufacturers, operators, maintainers, product suppliers and service providers, to develop processes and procedures for identifying, responding to and reporting information security events impacting aviation safety. The guidelines in this document were developed with the intent to provide Acceptable Means of Compliance to EASA's proposed Part IS, which intends to establish a regulation requiring approved organizations to implement an Information Security Management System, including (Security) Occurrence Reporting, analogous to a Safety Management System with (Safety) Occurrence Reporting. Other regulations may also apply. Organizations may elect to apply Information Security Event Management processes for operational or other business needs.
Information Security Event Management addresses security events with actual or potential safety consequences. Security events could be malicious interactions (hacking), non-targeted attacks (malware), as well as flaws (vulnerabilities) in systems, components or procedures that could be exploited to cause safety consequences for the aircraft, its passengers or crew.