Press Release


 New ISACA Guide Explores Turbulent Cybersecurity Environment For Industrial Control Systems 

Rolling Meadows, IL, USA (14 May 2015)—ISACA, a global professional association serving 140,000 professionals, has published a new guide about the current cybersecurity threat for industrial control systems (ICS). Titled Industrial Control Systems: A Primer for the Rest of Us” the guide takes a deeper look at ICS and why security practitioners face a daunting challenge in defending an infrastructure that is often full of antiquated technology.

According to the guide, ICS were never intended to be interconnected, but are now more vulnerable because of their convergence with traditional information and communications technology (ICT).

The guide discusses the differences and similarities between ICS and IT; ICS has an operational focus and IT is system or task-specific. Regardless of their differences, threat agents and attack vectors are the same for both systems.

A section called “Defining Industrial Control Systems” provides an in-depth overview of what comprises today’s ICS—generally understood as systems such as electricity, water and energy production as well as manufacturing and distribution. It defines:

  • Architecture and all of its components
  • Distributed Control Systems (DCS)
  • Supervisory Control and Data Acquisition (SCADA) Systems
  • Process Logic Controllers (PLC)

“ICS were originally designed to perform tasks in environments that were separate and apart from traditional IT systems,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s environment, understanding IT risk and governance principles is increasingly critical to the ICS community, especially in converged enterprises.”

The guide suggests there are great advantages to creating and sustaining cross-functional teams between ICS and IT cybersecurity professionals. This scenario will help both teams leverage development and execution of enterprise cybersecurity strategies.

Industrial Control Systems: A Primer for the Rest of Us” is available for free download at



A global association of 140,000 professionals in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers Cybersecurity Nexus (CSX), a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology.

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:

Participate in the ISACA Knowledge Center:



Rachel Acevedo, +1.847.660.5617,

Joanne Duffer, +1.847.660.5564,