Towards Reconciling Safety and Security Risk Analysis Processes in Railway Remote Driving

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

Download Full-text

Security of Railway Infrastructures

Railway Safety, Reliability, and Security ◽

10.4018/978-1-4666-1643-1.ch017 ◽

2012 ◽

pp. 355-379

Author(s):

A. Di Febbraro ◽

F. Papa ◽

N. Sacco

Keyword(s):

Risk Analysis ◽

Real World ◽

Analysis Tool ◽

Security Risk ◽

Input Output ◽

Real World Data ◽

Security Problem ◽

Output Characteristics ◽

General Architecture

The chapter is organized as follows: In section 1, the basic definitions of the security risk analysis and the characteristics of the railway security problem are introduced, and a bibliography review is reported. Then, in section 2, the general architecture for designing a security risk analysis tool is presented, focusing on the relevant specifications, and on the input/output characteristics. Therefore, in section 3, with the aim of pointing out the characteristics of the presented architecture, an explicative case study is defined based on real world data coming from Italian railways. Finally, some conclusions and remarks are discussed in chapter 4.

Download Full-text

Risk Analysis of ICT Assets

Advances in Electronic Government, Digital Divide, and Regional Development - Private Sector Innovations and Technological Growth in the MENA Region ◽

10.4018/978-1-5225-7086-8.ch010 ◽

2019 ◽

pp. 175-193

Author(s):

Hamed H. Dadmarz

Keyword(s):

Information Security ◽

Risk Analysis ◽

Human Resources ◽

Business Owners ◽

Insurance Company ◽

Security Risk ◽

Business Goals ◽

Top Managers ◽

Information Security Risk ◽

Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

Download Full-text