Implementing Information Security System (ISM) in the aviation sector – comparison of EASA Part – IS, ISO 27 00x and NIS2

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F70883521%3A28120%2F23%3A63565238" target="_blank" >RIV/70883521:28120/23:63565238 - isvavai.cz</a>

Výsledek na webu

<a href="https://digilib.k.utb.cz/handle/10563/52464" target="_blank" >https://digilib.k.utb.cz/handle/10563/52464</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Implementing Information Security System (ISM) in the aviation sector – comparison of EASA Part – IS, ISO 27 00x and NIS2

Popis výsledku v původním jazyce

Information security (IS) is a critical concern for organisations in the aviation sector; it involvesmanaging information security risks and protecting the information infrastructure componentsto ensure safety, for instance, in the maintenance and continuing airworthiness managementorganisations or air operators as it is an increasingly complex computer-generated environmentwhere organisations require straightforward, strong cybersecurity controls and processes builton core fundamentals, including continuous learning about risk and related regulations. Aboveall are global standards and regulations issued by the International Civil Aviation Organization(ICAO) developed at the Convention on International Civil Aviation (also known as theChicago Convention) Standards and Recommended Practices (SARPs), currently updated inAnnex 17 – Aviation Security. Thus, the European Union Aviation Agency (EASA) promotesPart - IS, which requires implementation due to information security risks potentially impactingaviation safety. The European Union Agency for Cybersecurity (ENISA) supports theDirective, the NIS2, which improves aspects of the overall level of cybersecurity at the industrylevel across several sectors, including the transport and aviation sectors. The key differencesbetween the International Standard ISO 2700x and NIS2 versus PART – IS are outlined. Afteranalysis, it shows that the requirements for an ISMS specified by PART-IS are mostlyconsistent and aligned with ISO/IEC 27001; however, PART-IS introduces provisions specificto the context of aviation safety but the intersection is described.

Název v anglickém jazyce

Implementing Information Security System (ISM) in the aviation sector – comparison of EASA Part – IS, ISO 27 00x and NIS2

Popis výsledku anglicky

Information security (IS) is a critical concern for organisations in the aviation sector; it involvesmanaging information security risks and protecting the information infrastructure componentsto ensure safety, for instance, in the maintenance and continuing airworthiness managementorganisations or air operators as it is an increasingly complex computer-generated environmentwhere organisations require straightforward, strong cybersecurity controls and processes builton core fundamentals, including continuous learning about risk and related regulations. Aboveall are global standards and regulations issued by the International Civil Aviation Organization(ICAO) developed at the Convention on International Civil Aviation (also known as theChicago Convention) Standards and Recommended Practices (SARPs), currently updated inAnnex 17 – Aviation Security. Thus, the European Union Aviation Agency (EASA) promotesPart - IS, which requires implementation due to information security risks potentially impactingaviation safety. The European Union Agency for Cybersecurity (ENISA) supports theDirective, the NIS2, which improves aspects of the overall level of cybersecurity at the industrylevel across several sectors, including the transport and aviation sectors. The key differencesbetween the International Standard ISO 2700x and NIS2 versus PART – IS are outlined. Afteranalysis, it shows that the requirements for an ISMS specified by PART-IS are mostlyconsistent and aligned with ISO/IEC 27001; however, PART-IS introduces provisions specificto the context of aviation safety but the intersection is described.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

50204 - Business and management

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Sborník příspěvků konference CrisCon 2023

ISBN

978-80-7678-197-9

ISSN

—

e-ISSN

—

Počet stran výsledku

13

Strana od-do

187-199

Název nakladatele

Univerzita Tomáše Bati ve Zlíně

Místo vydání

Zlín

Místo konání akce

Uherské Hradiště

Datum konání akce

13. 9. 2023

Typ akce podle státní příslušnosti

EUR - Evropská akce

Kód UT WoS článku

—