RTCA DO-392

This document provides guidance on security event management for various stakeholders in the aviation environment such as manufacturers, operators, maintainers, product suppliers, service providers, etc., to develop processes and procedures for identifying, responding to and reporting information security events impacting aviation safety. The guidelines in this document were developed with the intent to provide Acceptable Means of Compliance to EASA's proposed Part IS which intends to establish a regulation requiring approved organizations to implement an Information Security Management System including (Security) Occurrence Reporting analogous to Safety Management System with (Safety) Occurrence Reporting. Other regulations may also apply. Organizations may elect to apply Information Security Event Management processes for operational or other business needs.

Information Security Event Management addresses security events with actual or potential safety consequences. Security events could be malicious interactions (hacking), non-targeted attacks (malware), as well as flaws (vulnerabilities) in systems, components or procedures that could be exploited to cause safety consequences for the aircraft, its passengers or crew.