Risk assessment of multi-order dependencies between critical ICT infrastructures
| Content Provider | Semantic Scholar |
|---|---|
| Author | Kotzanikolaou, Panayiotis; Theoharidou, Marianthi; Gritzalis, Dimitris |
| Copyright Year | 2014 |
| Abstract | Assessing risk in information and communication infrastructures is a challenging topic due to the complexity of critical infrastructures (CIs) and of the various dependencies between such infrastructures. This chapter discusses the basic concepts of risk assessment for CIs. Moreover, it describes a recently proposed methodology for criticality assessment. The main goal of this methodology is to assess the risk of an infrastructure (or a sector of critical infrastructures), taking into account the dependencies between CIs and/or sectors. The methodology is compatible with current information systems practices. The basic characteristic of the presented methodology is that it attempts to capture both organization-oriented and society-oriented consequences of possible security events, a feature which is not always embedded in mainstream information security risk assessment methodologies. INTRODUCTION: Although assessing security risk in critical information and communication infrastructures (CI) has similarities with risk assessment in traditional information systems, it also requires an extended approach in order to capture CI complexities (Bialas, 2006). The process of assessing the impacts and the likelihood of occurrence of security incidents affecting CIs is closely related to traditional information security risk assessment methods. It is also a basis for estimating which infrastructures are more critical than others, and, respectively, which sectors present higher criticality and require more sophisticated protective mechanisms. In the case of a potential threat affecting availability, but also information integrity or confidentiality of a CI, apart from the consequences to the infrastructure itself, a risk assessment methodology should mainly focus on possible impacts to the society. Risk assessment in CIs requires that policy makers and security experts consider possible societal impacts, which are external to the organization hosting a critical infrastructure (Theoharidou et al. 2010). An additional difficulty in risk assessment for CIs is the fact that these infrastructures are generally connected with many others, and thus the effects of a disruption or failure may spread both geographically and across multiple sectors. The identification of 1-order dependencies may be sufficient in order to assess the risk of a particular infrastructure; however, capturing 1-order dependencies may fail in some cases to capture cascading risk to other infrastructures. For example, one or more relatively minor security incidents on one CI may cause cascading and escalating impacts to a second or third dependent CI. Identifying multi-order dependencies leads to a more accurate |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://www.cis.aueb.gr/Publications/IGI%20BOOK%20RA%20in%20CI.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |