This paper focuses on security of data exchange and supervisory control according to IEC 61850. The existing security measures standardized by IEC 62351 are described and compared with similar systems that are widely used in industry automation, i.e. the OPC Unified Architecture. These security measures are not sufficient because they cover the communication only and do not respect the contained data, which specify the transactions to be processed. This paper presents extensions of existing security measures by the introduction of transaction oriented security mechanisms, which are independent of the data exchange and communication protocols. This allows a very fine-grained level of security, which considers the individual level of sensitivity of each transaction.