Tool-supported risk modeling and analysis of evolving critical infrastructures

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7465 LNCS, Issue , 2012, Pages 562-577

  Seehusen, Fredrik ^a   Solhaug, Bjørnar ^a  

^a SINTEF ICT   (Norway)

Author keywords

ATM; critical infrastructures; interdependencies; Risk analysis

Indexed keywords

AIR TRAFFIC MANAGEMENT; COORDINATED ACTIVITY; EXPLICIT MODELING; INTERDEPENDENCIES; INTERDEPENDENT SYSTEMS; MODELING AND ANALYSIS; RISK ANALYSIS METHODS; RISK ANALYSIS TOOLS; RISK MODEL; RISK MODELING; SYSTEM CHANGE; TOOL SUPPORT;

AUTOMATIC TELLER MACHINES; CRITICAL INFRASTRUCTURES; PUBLIC WORKS; RISK ASSESSMENT; RISK MANAGEMENT;

RISK ANALYSIS;

EID: 84865657363     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-32498-7_43     Document Type: Conference Paper

References (17)

1. Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU/SEI-2001-TR-016, Carnegie Mellon University (2004)
2. Barber, B., Davey, J.: The use of the CCTA risk analysis and management methodology CRAMM in health information systems. In: 7th International Congress on Medical Informatics (MEDINFO 1992), pp. 1589-1593. North-Holland (1992)
3. Brændeland, G., Refsdal, A., Stølen, K.: Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software 83(10), 1995-2013 (2010)
4. Breu, M., Breu, R., Löw, S.: MoVEing forward: Towards an architecture and processes for a Living Models infrastructure. International Journal On Advances in Life Sciences 3(1-2), 12-22 (2011)
5. Communication from the Commission on a European programme for critical infrastructure protection. In: The European Commission, COM, 786 final (2006)
6. EUROCONTROL: Air traffic management strategy for the years 2000+ (2003)
7. Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for IT risk management. In: Information Security South Africa Conference, ISSA 2006 (2006)
8. International Organization for Standardization: ISO 31000 Risk management - Principles and guidelines (2009)
9. Ligaarden, O.S., Refsdal, A., Stølen, K.: Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services. In: IT Security Governance Innovations: Theory and Research. IGI Global (to appear, 2012)
10. Lund, M.S., Solhaug, B., Stølen, K.: Evolution in relation to risk and trust management. Computer 43(5), 49-55 (2010)
11. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis - The CORAS Approach. Springer (2011)
12. Lund, M.S., Solhaug, B., Stølen, K.: Risk Analysis of Changing and Evolving Systems Using CORAS. In: Aldini, A., Gorrieri, R. (eds.) FOSAD VI. LNCS, vol. 6858, pp. 231-274. Springer, Heidelberg (2011)
13. Massacci, F., Mylopoulos, J., Zannone, N.: Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology. In: Ras, Z.W., Tsay, L.-S. (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147-174. Springer, Heidelberg (2010)
14. Microsoft Solutions for Security and Compliance and Microsoft Security Center of Excellence: The Security Risk Management Guide (2006)
15. Object Management Group: OMG Unified Modeling Language (OMG UML), Superstructure. Version 2.2, OMG Document: formal/2009-02-02 (2009)
16. Peltier, T.R.: Information Security Risk Analysis, 2nd edn. Auerbach Publications (2005)
17. Report on the industrial validation of SecureChange solutions. SecureChange project deliverable D1.3 (2012)