Publication

A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection

dc.contributor.author: Henriques, João
dc.contributor.author: Caldeira, Filipe
dc.contributor.author: Cruz, Tiago
dc.contributor.author: Simões, Paulo
dc.date.accessioned: 2024-01-15T11:55:11Z
dc.date.available: 2024-01-15T11:55:11Z
dc.date.issued: 2024-01
dc.date.updated: 2024-01-14T15:12:02Z
dc.description.abstract: The broadening dependency and reliance that modern societies have on essential services provided by Critical Infrastructures is increasing the relevance of their trustworthiness. However, Critical Infrastructures are attractive targets for cyberattacks, due to the potential for considerable impact, not just at the economic level but also in terms of physical damage and even loss of human life. Complementing traditional security mechanisms, forensics and compliance audit processes play an important role in ensuring Critical Infrastructure trustworthiness. Compliance auditing contributes to checking if security measures are in place and compliant with standards and internal policies. Forensics assist the investigation of past security incidents. Since these two areas significantly overlap, in terms of data sources, tools and techniques, they can be merged into unified Forensics and Compliance Auditing (FCA) frameworks. In this paper, we survey the latest developments, methodologies, challenges, and solutions addressing forensics and compliance auditing in the scope of Critical Infrastructure Protection. This survey focuses on relevant contributions, capable of tackling the requirements imposed by massively distributed and complex Industrial Automation and Control Systems, in terms of handling large volumes of heterogeneous data (that can be noisy, ambiguous, and redundant) for analytic purposes, with adequate performance and reliability. The achieved results produced a taxonomy in the field of FCA whose key categories denote the relevant topics in the literature. Also, the collected knowledge resulted in the establishment of a reference FCA architecture, proposed as a generic template for a converged platform. These results are intended to guide future research on forensics and compliance auditing for Critical Infrastructure Protection. [pt_PT]
dc.description.version: info:eu-repo/semantics/publishedVersion [pt_PT]
dc.identifier.doi: 10.1109/access.2023.3348552 [pt_PT]
dc.identifier.issn: 2169-3536
dc.identifier.slug: cv-prod-3474375
dc.identifier.uri: http://hdl.handle.net/10400.19/8178
dc.language.iso: por [pt_PT]
dc.peerreviewed: yes [pt_PT]
dc.subject: Critical infrastructure protection [pt_PT]
dc.subject: industrial automation and control systems [pt_PT]
dc.subject: cybersecurity [pt_PT]
dc.subject: forensics [pt_PT]
dc.subject: compliance auditing [pt_PT]
dc.title: A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection [pt_PT]
dc.type: journal article
dspace.entity.type: Publication
oaire.citation.endPage: 2444 [pt_PT]
oaire.citation.startPage: 2409 [pt_PT]
oaire.citation.title: IEEE Access [pt_PT]
oaire.citation.volume: 12 [pt_PT]
person.familyName: Caldeira
person.givenName: Filipe
person.identifier: lXPmBvYAAAAJ
person.identifier.ciencia-id: CB11-8109-AB1D
person.identifier.orcid: 0000-0001-7558-2330
person.identifier.scopus-author-id: 36023210300
rcaap.cv.cienciaid: CB11-8109-AB1D | Filipe Caldeira
rcaap.rights: openAccess [pt_PT]
rcaap.type: article [pt_PT]
relation.isAuthorOfPublication: e845705e-5b0b-4f70-9c53-c472ffd768d1
relation.isAuthorOfPublication.latestForDiscovery: e845705e-5b0b-4f70-9c53-c472ffd768d1

Files

Original bundle
Name: A_Survey_on_Forensics_and_Compliance_Auditing_for_Critical_Infrastructure_Protection.pdf
Size: 2.26 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 1.82 KB
Format: Item-specific license agreed upon to submission
Description: