{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T16:23:17Z","timestamp":1774542197085,"version":"3.50.1"},"reference-count":23,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,11,26]],"date-time":"2020-11-26T00:00:00Z","timestamp":1606348800000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003621","name":"Ministry of Science, ICT and Future Planning","doi-asserted-by":"publisher","award":["IITP-2020-2018-0-01799"],"award-info":[{"award-number":["IITP-2020-2018-0-01799"]}],"id":[{"id":"10.13039\/501100003621","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003621","name":"Ministry of Science, ICT and Future Planning","doi-asserted-by":"publisher","award":["NRF-2020R1A2C1012187"],"award-info":[{"award-number":["NRF-2020R1A2C1012187"]}],"id":[{"id":"10.13039\/501100003621","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Mobile Information Systems"],"published-print":{"date-parts":[[2020,11,26]]},"abstract":"<jats:p>The industrial control system (ICS) inherits the attributes of the traditional information system, but because it has its own characteristics that availability of triad (CIA) of information security should be a top priority, it needs to be set differently from the traditional information security requirements. In response to the issue, TTAK.KO-12.0307 (Standard for Industrial Control System Information Security Requirements) proposed by the National Security Research Institute (NSRI) and established by the Telecommunications Technology Association (TTA) is being used. However, it is difficult to apply security requirements of TTAK.KO-12.0307 uniformly because of the reason that the characteristics of the ICS in each layer are different. There is also a limit to invest the security resources with equivalent priority for all requirements and ICS layers. It is still unresolved in the previous research studies which are related to information security resources, for example, Choi (2013), Ko et al. (2013), and Nah et al.\u2019s (2016) studies. Therefore, this study tried to focus on what a top priority of information security requirements by the ICS in each layer is, using the analytic hierarchy process. As a result, we derived that the top priority requirement in the operation layer is \u201cIdentification Authentication Access Control,\u201d in the control layer is \u201cEvent Response,\u201d and in the field device layer is \u201cPhysical Interface Protection\u201d with the highest importance. The results of this study can be utilized as a guideline for the security strategy and policy design by determining security requirements that should be prioritized in each layer of the ICS.<\/jats:p>","DOI":"10.1155\/2020\/8878088","type":"journal-article","created":{"date-parts":[[2020,11,28]],"date-time":"2020-11-28T02:05:09Z","timestamp":1606529109000},"page":"1-11","source":"Crossref","is-referenced-by-count":11,"title":["Investment Priority Analysis of ICS Information Security Resources in Smart Mobile IoT Network Environment Using the Analytic Hierarchy Process"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2697-8221","authenticated-orcid":true,"given":"Jiho","family":"Shin","sequence":"first","affiliation":[{"name":"Police Science Institute, Korean National Police University, Asan, Republic of Korea"},{"name":"Department of Information Security Engineering, Soonchunhyang University, Asan, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0604-3445","authenticated-orcid":true,"given":"Ilsun","family":"You","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Soonchunhyang University, Asan, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0971-8548","authenticated-orcid":true,"given":"Jung Taek","family":"Seo","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Soonchunhyang University, Asan, Republic of Korea"}]}],"member":"311","reference":[{"key":"1","volume-title":"Guide to Industrial Control Systems (ICS) Security","author":"S. Keith","year":"2015"},{"key":"2","first-page":"62","article-title":"Security requirements for industrial control system","volume":"173","author":"J.-H. Lee","year":"2017","journal-title":"Telecommunication Technology Association"},{"issue":"3","key":"3","first-page":"52","article-title":"Quantitative security risk assessment for industrial control systems: research opportunities and challenges","volume":"9","author":"M. Eckhart","year":"2019","journal-title":"Journal of Internet Service and Information Security"},{"issue":"2","key":"4","first-page":"1","article-title":"Survey on blockchain for internet of things","volume":"9","author":"H. Hui","year":"2019","journal-title":"Journalof Internet ServiceandInformationSecurity"},{"issue":"2","key":"5","first-page":"1","article-title":"Identification of attacks against wireless sensor networks based on behaviour analysis","volume":"10","author":"V. Korzhuk","year":"2019","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)"},{"key":"6","first-page":"1","article-title":"Combined security and safety risk assessment\u2014what needs to be done for ICS and the IoT","author":"M. StJohn-Green"},{"issue":"1","key":"7","first-page":"57","article-title":"An analytical approach to using and implementing beacons: opportunities and challenges","volume":"10","author":"H. K. Almathami","year":"2019","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmsy.2018.04.007"},{"key":"9","first-page":"4490","article-title":"Stuxnet worm impact on industrial cyber-physical system security","author":"S. Karnouskos"},{"key":"10","volume-title":"TTAK.KO-12.0307, Telecommunication Technology Association","author":"TTA, Security Requirements for Industrial Control System","year":"2015"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.13089\/jkiisc.2013.23.2.287"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.13089\/jkiisc.2013.23.5.873"},{"issue":"4","key":"13","first-page":"28","article-title":"Industrial control system security standardization trend","volume":"26","author":"J. HoonNah","year":"2016","journal-title":"Review of the Korea Institute of Information Security & Cryptology"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/msp.2008.9"},{"issue":"1","key":"15","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1504\/IJSSCI.2008.017590","article-title":"Decision making with the analytic hierarchy process","volume":"1","author":"L. S. Thomas","year":"2008","journal-title":"International Journal of Services Sciences"},{"key":"16","first-page":"468","article-title":"Analysis on the information security manpower policy with analytic hierarchy process","author":"J. Hyo-Jung"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1145\/1042091.1042094"},{"issue":"3","key":"18","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1016\/0022-2496(77)90033-5","article-title":"A scaling method for priorities in hierarchical structures","volume":"15","author":"L. S. Thomas","year":"1977","journal-title":"Journal of Mathematical Psychology"},{"key":"19","volume-title":"The Analytic Hierarchy Process","author":"L. S. Thomas","year":"1980"},{"key":"20","first-page":"486","article-title":"Analysis on information security manpower policy by the analytic hierarchy process","volume":"31","author":"T.-S. Kim","year":"2006","journal-title":"The Journal of Korean Institute of Communications and Information Sciences"},{"key":"21","first-page":"1614","article-title":"A study on information security policy priority using AHP (analytic hierarchy process)","author":"W. Sung"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1109\/mc.2012.325"},{"key":"23","first-page":"4","article-title":"What is the appropriate sample size to run analytic hierarchy process in a survey-based research?","author":"P. Melillo"}],"container-title":["Mobile Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2020\/8878088.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2020\/8878088.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2020\/8878088.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,28]],"date-time":"2020-11-28T02:05:23Z","timestamp":1606529123000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/misy\/2020\/8878088\/"}},"subtitle":[],"editor":[{"given":"Vinod","family":"Karar","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2020,11,26]]},"references-count":23,"alternative-id":["8878088","8878088"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8878088","relation":{},"ISSN":["1875-905X","1574-017X"],"issn-type":[{"value":"1875-905X","type":"electronic"},{"value":"1574-017X","type":"print"}],"subject":[],"published":{"date-parts":[[2020,11,26]]}}}