Risk-based criticality analysis

IFIP Advances in Information and Communication Technology

Volumn 311, Issue , 2009, Pages 35-49

  Theoharidou, Marianthi ^a   Kotzanikolaou, Panayiotis ^b   Gritza Lis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

^b UNIVERSITY OF PIRAEUS   (Greece)

Author keywords

Criticality; Impact; Risk analysis

Indexed keywords

CRITICAL ASSET; CRITICAL INFRASTRUCTURE PROTECTION; CRITICALITY ANALYSIS; IMPACT; PRIORITIZATION; RISK-BASED; THREATS AND VULNERABILITIES;

CRITICALITY (NUCLEAR FISSION); RISK ANALYSIS; RISK ASSESSMENT;

CRITICAL INFRASTRUCTURES;

EID: 84885179321     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-04798-5_3     Document Type: Conference Paper

References (26)

1. E. Adar and A. Wuchner, Risk management for critical infrastructure protection challenges: Best practices and tools, Proceedings of t he First IEEE International Workshop on Critical Infrastructure Protection, 2005.
2. C. Alberts and A. Dorofee, Managing Information Security Risks: The OCTAVE Approach, Addison-Wesley/Pearson, Boston, Massachusetts, 2003.
3. A. Bialas, Information security systems vs. critical information infrastructure protection systems - Similarities and differences, Proceedings of the International Conference on the Dependability of Computer Systems, pp. 60-67, 2006.
4. E. Brunner and M. Suter, International CIIP Handbook 2008/2009: An Inventory of 25 National and 7 International Critical Infrastructure Protection Policies, Center for Security Studies, ETH Zurich, Zurich, Switzerland, 2008.
5. E. Casalicchio and E. Galli, Metrics for quantifying interdependencies, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 215-227, 2008.
6. Emergency Management Australia, Critical Infrastructure Emergency Risk Management and Assurance Handbook, Mount Macedon, Australia, 2003.
7. European Commission, Communication from the Commission of 12 December 2006 on a European Programme for Critical Infrastructure Protection, COM (2006)786 Final, Brussels, Belgium, 2006.
8. European Commission, Proposal for a Directive of the Council on the Identification and Designation of European Critical Infrastructure and the Assessment of the Need to Improve Their Protection, COM(2006)787 Final, Brussels, Belgium, 2006.
9. Insight Consulting, CRAMM User Guide, Issue 5.1, Walton-on-Thames, United Kingdom, 2005.
10. International Organization for Standardization, ISO/IEC Guide 73:2002: Risk Management - Vocabulary - Guidelines for Use in Standards, Geneva, Switzerland, 2002.
11. J. Kopylec, A. D'Amico and J. Goodall, Visualizing cascading failures in critical cyber infrastructures, in Critical Infrastructure Protection, E. Goetz and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 351-364, 2007.
12. KPMG Peat Marwick, Vulnerability Assessment Framework 1.1, U.S. Critical Infrastructure Assurance Office, Washington, DC, 1998.
13. W. Kroger, Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools, Reliability Engineering and System Safety, vol. 93(12), pp. 1781-1787, 2008.
14. R. Likert, A technique for the measurement of attitudes, Archives of Psychology, vol. 140(22), pp. 1-55, 1932.
15. E. Luiijf, Threat Taxonomy for Critical Infrastructures and Critical Infrastructure Risk Aspects at the EU-Level, Version 1.04, Deliverable D1.2, Technical Report VITA PASR-2004-004400, TNO Defence, Security and Safety, The Hague, The Netherlands, 2006.
16. E. Luiijf, H. Burger and M. Klaver, Critical infrastructure protection in the Netherlands: A quick-scan, Proceedings of the EICAR Conference, 2003.
17. Ministry of the Interior and Kingdom Relations, National Risk Assessment Method Guide 2008, The Hague, The Netherlands, 2008.
18. J. Moteff, Risk Management and Critical Infrastructure Protection: Assessing, Integrating and Managing Threats, Vulnerabilities and Consequences, CRS Report for Congress, Document RL32561, Congressional Research Service, Library of Congress, Washington, DC, 2005.
19. A. Nieuwenhuijs, E. Luiijf and M. Klaver, Modeling dependencies in critical infrastructures, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 205-213, 2008.
20. North American Electric Reliability Corporation, Standard CIP-002-1, Cyber Security-Critical Asset Identification, Washington, DC, 2006.
21. P. Pederson, D. Dudenhoeffer, S. Hartley and M. Permann, Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research, Technical Report INL/EXT-06-11464, Idaho National Laboratory, Idaho Falls, Idaho, 2006.
22. Public Safety and Emergency Preparedness Canada, Selection Criteria to Identify and Rank Critical Infrastructure Assets, Ottawa, Canada, 2004.
23. S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11-25, 2001.
24. R. Setola, S. Bologna, E. Casalicchio and V. Masucci, An integrated approach for simulating interdependencies, in Critical Infrastructure Protection II, M. Papa and S. Shenoi, (Eds.), Springer, Boston, Massachusetts, pp. 229-239, 2008.
25. G. Stoneburner, A. Goguen and A. Feringa, Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, Special Publication 800-30, National Institute of Standards and Technology, Gaithersburg, Maryland, 2002.
26. U.S. Department of Homeland Security, National Infrastructure Protection Plan 2009, Washington, DC, 2009.