Decision Networks for Security Risk Assessment of Critical Infrastructures

2018 ◽  
Vol 18 (3) ◽  
pp. 1-22 ◽  
Author(s):  
Daniele Codetta-Raiteri ◽  
Luigi Portinale
Keyword(s):  
Risk Assessment ◽  
Critical Infrastructures ◽  
Security Risk ◽  
Decision Networks ◽  
Security Risk Assessment

Risk Assessment of Multi-Order Dependencies between Critical Information and Communication Infrastructures

2013 ◽  
pp. 153-172 ◽  
Author(s):  
Panayiotis Kotzanikolaou ◽  
Marianthi Theoharidou ◽  
Dimitris Gritzalis
Keyword(s):  
Risk Assessment ◽  
Information Systems ◽  
Basic Characteristic ◽  
Critical Infrastructures ◽  
Security Risk ◽  
Current Information ◽  
Information And Communication ◽  
Information Security Risk ◽  
Basic Concepts ◽  
Security Risk Assessment

Assessing risk in information and communication infrastructures is a challenging topic due to the complexity of critical infrastructures (CIs) and of the various dependencies between such infrastructures. This chapter discusses the basic concepts of risk assessment for CIs. Moreover, it describes a recently proposed methodology for criticality assessment. The main goal of this methodology is to assess the risk of an infrastructure (or a sector of critical infrastructures), taking into account the dependencies between CIs and/or sectors. The methodology is compatible with current information systems practices. The basic characteristic of the presented methodology is that it attempts to capture both organization-oriented and society-oriented consequences of possible security events, a feature which is not always embedded in mainstream information security risk assessment methodologies.

scholarly journals A new lightweight method for security risk assessment based on fuzzy cognitive maps

2014 ◽  
Vol 24 (1) ◽  
pp. 213-225 ◽  
Author(s):  
Piotr Szwed ◽  
Paweł Skrzyński
Keyword(s):  
Risk Assessment ◽  
Data Storage ◽  
Low Cost ◽  
Cognitive Maps ◽  
Assessment Method ◽  
Lessons Learned ◽  
Fuzzy Cognitive Maps ◽  
Software Systems ◽  
Security Risk ◽  
Security Risk Assessment

Abstract For contemporary software systems, security is considered to be a key quality factor and the analysis of IT security risk becomes an indispensable stage during software deployment. However, performing risk assessment according to methodologies and standards issued for the public sector or large institutions can be too costly and time consuming. Current business practice tends to circumvent risk assessment by defining sets of standard safeguards and applying them to all developed systems. This leads to a substantial gap: threats are not re-evaluated for particular systems and the selection of security functions is not based on risk models. This paper discusses a new lightweight risk assessment method aimed at filling this gap. In this proposal, Fuzzy Cognitive Maps (FCMs) are used to capture dependencies between assets, and FCM-based reasoning is performed to calculate risks. An application of the method is studied using an example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

Sign in / Sign up

Export Citation Format

Share Document