{"id":"https://openalex.org/W2913790335","doi":"https://doi.org/10.1108/ics-04-2018-0048","title":"A review of security assessment methodologies in industrial control systems","display_name":"A review of security assessment methodologies in industrial control systems","publication_year":2019,"publication_date":"2019-02-07","ids":{"openalex":"https://openalex.org/W2913790335","doi":"https://doi.org/10.1108/ics-04-2018-0048","mag":"2913790335"},"language":"en","primary_location":{"id":"doi:10.1108/ics-04-2018-0048","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-04-2018-0048","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004151950","display_name":"Qais Saif Qassim","orcid":"https://orcid.org/0000-0002-6391-5246"},"institutions":[{"id":"https://openalex.org/I79156528","display_name":"Universiti Tenaga Nasional","ror":"https://ror.org/03kxdn807","country_code":"MY","type":"education","lineage":["https://openalex.org/I79156528","https://openalex.org/I874769580"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Qais Saif Qassim","raw_affiliation_strings":["College of Computer Science and Information Technology, Universiti Tenaga Nasional, Selangor, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Information Technology, Universiti Tenaga Nasional, Selangor, Malaysia","institution_ids":["https://openalex.org/I79156528"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016101516","display_name":"Norziana Jamil","orcid":"https://orcid.org/0000-0002-7363-1466"},"institutions":[{"id":"https://openalex.org/I79156528","display_name":"Universiti Tenaga Nasional","ror":"https://ror.org/03kxdn807","country_code":"MY","type":"education","lineage":["https://openalex.org/I79156528","https://openalex.org/I874769580"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Norziana Jamil","raw_affiliation_strings":["Institute of Informatics and Computing in Energy, Universiti Tenaga Nasional, Selangor, Malaysia and College of Computer Science and Information Technology, Universiti Tenaga Nasional, Selangor, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Informatics and Computing in Energy, Universiti Tenaga Nasional, Selangor, Malaysia and College of Computer Science and Information Technology, Universiti Tenaga Nasional, Selangor, Malaysia","institution_ids":["https://openalex.org/I79156528"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010946494","display_name":"Maslina Daud","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maslina Daud","raw_affiliation_strings":["CyberSecurity Malaysia, Seri Kembangan, Selangor, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CyberSecurity Malaysia, Seri Kembangan, Selangor, Malaysia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064090488","display_name":"Ahmed Patel","orcid":null},"institutions":[{"id":"https://openalex.org/I102939073","display_name":"Universidade Estadual do Cear\u00e1","ror":"https://ror.org/00sec1m50","country_code":"BR","type":"education","lineage":["https://openalex.org/I102939073"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Ahmed Patel","raw_affiliation_strings":["Department of Computer Science, Universidade Estadual do Ceara, Fortaleza, Brazil"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Universidade Estadual do Ceara, Fortaleza, Brazil","institution_ids":["https://openalex.org/I102939073"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013921876","display_name":"Norhamadi Ja\u2019affar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Norhamadi Ja\u2019affar","raw_affiliation_strings":["CyberSecurity Malaysia, Seri Kembangan, Selangor, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CyberSecurity Malaysia, Seri Kembangan, Selangor, Malaysia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.406,"has_fulltext":false,"cited_by_count":44,"citation_normalized_percentile":{"value":0.97134968,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"27","issue":"1","first_page":"47","last_page":"61"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9922000169754028,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scada","display_name":"SCADA","score":0.7089618444442749},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6446236371994019},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.572286069393158},{"id":"https://openalex.org/keywords/control-system-security","display_name":"Control system security","score":0.5625865459442139},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.550834596157074},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.5232419371604919},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5045009851455688},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.503133237361908},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4579985439777374},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4576394557952881},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4302184283733368},{"id":"https://openalex.org/keywords/originality","display_name":"Originality","score":0.42702871561050415},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.42562973499298096},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4104892611503601},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.397168904542923},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.342447429895401},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3207145035266876},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2396656572818756},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.2049432396888733},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.1382887065410614}],"concepts":[{"id":"https://openalex.org/C113863187","wikidata":"https://www.wikidata.org/wiki/Q17498","display_name":"SCADA","level":2,"score":0.7089618444442749},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6446236371994019},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.572286069393158},{"id":"https://openalex.org/C172862783","wikidata":"https://www.wikidata.org/wiki/Q5165888","display_name":"Control system security","level":5,"score":0.5625865459442139},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.550834596157074},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.5232419371604919},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5045009851455688},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.503133237361908},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4579985439777374},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4576394557952881},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4302184283733368},{"id":"https://openalex.org/C2776950860","wikidata":"https://www.wikidata.org/wiki/Q2914681","display_name":"Originality","level":3,"score":0.42702871561050415},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.42562973499298096},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4104892611503601},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.397168904542923},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.342447429895401},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3207145035266876},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2396656572818756},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2049432396888733},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.1382887065410614},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C11012388","wikidata":"https://www.wikidata.org/wiki/Q170658","display_name":"Creativity","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-04-2018-0048","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-04-2018-0048","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6100000143051147,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W86326509","https://openalex.org/W965209980","https://openalex.org/W1499169139","https://openalex.org/W1515755974","https://openalex.org/W1521855714","https://openalex.org/W1610046367","https://openalex.org/W2007443502","https://openalex.org/W2020703859","https://openalex.org/W2048063069","https://openalex.org/W2065955975","https://openalex.org/W2090717114","https://openalex.org/W2099248127","https://openalex.org/W2131060714","https://openalex.org/W2165307808","https://openalex.org/W2296060994","https://openalex.org/W2322987107","https://openalex.org/W2330650066","https://openalex.org/W2369295637","https://openalex.org/W2399910219","https://openalex.org/W2441134293","https://openalex.org/W2477960186","https://openalex.org/W2515220703","https://openalex.org/W2541208879","https://openalex.org/W2620593348","https://openalex.org/W2777186602","https://openalex.org/W2782434659","https://openalex.org/W2790360011","https://openalex.org/W2790622811","https://openalex.org/W2794376943","https://openalex.org/W2794421626","https://openalex.org/W3099219106"],"related_works":["https://openalex.org/W1661835657","https://openalex.org/W3141555268","https://openalex.org/W2355027202","https://openalex.org/W4225818200","https://openalex.org/W2026081827","https://openalex.org/W2799537471","https://openalex.org/W4313023738","https://openalex.org/W2886095819","https://openalex.org/W2469558869","https://openalex.org/W4360995999"],"abstract_inverted_index":{"Purpose":[0],"The":[1,113,139],"common":[2],"implementation":[3],"practices":[4,228],"of":[5,107,118,158,175,199,219],"modern":[6],"industrial":[7],"control":[8,110],"systems":[9,60,68],"(ICS)":[10],"has":[11],"left":[12],"a":[13,193,196],"window":[14],"wide":[15],"open":[16],"to":[17,26,37,43,50,71,95,103,123,149,154],"various":[18],"security":[19,47,83,99,106,133,169,178,203,226],"vulnerabilities.":[20],"As":[21],"the":[22,28,58,73,89,97,105,119,144,155,159,181,186,217,220],"cyber-threat":[23],"landscape":[24],"continues":[25],"evolve,":[27],"ICS":[29,46,59,82],"and":[30,66,86,128,195,206],"their":[31],"underlying":[32],"architecture":[33],"must":[34],"be":[35],"protected":[36],"withstand":[38],"cyber-attacks.":[39],"This":[40,78,190],"study":[41,114,140],"aims":[42],"review":[44,164,194],"several":[45,81,200],"assessment":[48,55,84,100,170,204,227],"methodologies":[49,85,91,121,171,205,222],"identify":[51],"an":[52],"appropriate":[53],"vulnerability":[54,126],"method":[56],"for":[57,230],"that":[61,116,143,166],"examine":[62],"both":[63],"critical":[64,75,156],"physical":[65],"cyber":[67,98,225],"so":[69],"as":[70],"protect":[72],"national":[74],"infrastructure.":[76],"Design/methodology/approach":[77],"paper":[79,191],"reviews":[80],"explores":[87,216],"whether":[88],"existing":[90,221],"are":[92],"indeed":[93],"sufficient":[94],"meet":[96],"exercise":[101],"required":[102,229],"validate":[104],"electrical":[108,231],"power":[109,232],"systems.":[111],"Findings":[112],"showed":[115,142],"most":[117],"examined":[120],"seem":[122],"concentrate":[124],"on":[125],"identification":[127],"prioritisation":[129],"techniques,":[130],"whilst":[131,180],"other":[132],"techniques":[134],"received":[135],"noticeably":[136],"less":[137],"attention.":[138],"also":[141],"least":[145],"attention":[146],"is":[147],"devoted":[148],"patch":[150],"management":[151],"process":[152],"due":[153],"nature":[157],"SCADA":[160,202],"system.":[161],"Additionally,":[162],"this":[163],"portrayed":[165],"only":[167,183],"two":[168],"exhibited":[172],"absolute":[173],"fulfilment":[174],"all":[176],"NERC-CIP":[177],"requirements,":[179],"others":[182],"partially":[184],"fulfilled":[185],"essential":[187],"requirements.":[188],"Originality/value":[189],"presents":[192],"comparative":[197],"analysis":[198],"standard":[201],"guidelines":[207],"published":[208],"by":[209],"internationally":[210],"recognised":[211],"bodies.":[212],"In":[213],"addition,":[214],"it":[215],"adequacy":[218],"in":[223],"meeting":[224],"networks.":[233]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}