Model-driven risk analysis of evolving critical infrastructures

Journal of Ambient Intelligence and Humanized Computing

Volumn 5, Issue 2, 2014, Pages 187-204

  Solhaug, Bjørnar ^a   Seehusen, Fredrik ^a  

^a SINTEF ICT   (Norway)

Author keywords

ATM; Critical infrastructures; Evolution; Incident preparedness; Interdependencies; Risk analysis; Security

Indexed keywords

ADVANCED TRAFFIC MANAGEMENT SYSTEMS; AIR TRAFFIC CONTROL; AUTOMATIC TELLER MACHINES; CRITICAL INFRASTRUCTURES; RISK ASSESSMENT; RISK MANAGEMENT;

AIR TRAFFIC MANAGEMENT; EVOLUTION; INCIDENT PREPAREDNESS; INTERDEPENDENCIES; INTERDEPENDENT SYSTEMS; MODEL DRIVEN SECURITY; PROTECTION AND SECURITY; SECURITY;

RISK ANALYSIS;

EID: 84897047032     PISSN: 18685137     EISSN: 18685145     Source Type: Journal    
DOI: 10.1007/s12652-013-0179-6     Document Type: Article

References (37)

1. Alberts CJ, Davey J (2004) OCTAVE criteria version 2. 0. Technical report CMU/SEI-2001-TR-016. Mellon University, Carnegie.
2. Aven T, Sklet S, Vinnem JE (2006) Barrier and operational risk analysis of hydrocarbon releases (BORA-Release). Part I. Method description. J Hazard Mater A 137: 681-691.
3. Barber B, Davey J (1992) The use of the CCTA risk analysis and management methodology CRAMM in health information systems. In: 7th international congress on medical informatics (MEDINFO'92), North-Holland, pp 1589-1593.
4. Ben-Gal I (2007) Bayesian networks. In: Ruggeri F, Kenett RS, Faltin FW (eds) Encyclopedia of statistics in quality and reliability. Wiley, New York.
5. Brændeland G, Refsdal A, Stølen K (2010) Modular analysis and modelling of risk scenarios with dependencies. J Syst Softw 83(10): 1995-2013.
6. Breu M, Breu R, Löw S (2011) MoVEing forward: towards an architecture and processes for a living models infrastructure. Int J Adv Life Sci 3(1-2): 12-22.
7. Buchmayr M, Kurschl W (2011) A survey on situation-aware ambient intelligence systems. J Ambient Intell Human Comput 2(3): 175-183.
8. De Amicis R, Conti G, Piffer S, Prandi F (2011) Service oriented computing for Ambient Intelligence to support management of transport infrastructures. J Ambient Intell Human Comput 2(3): 201-211.
9. De Maio C, Fenza G, Gaeta M, Loia V, Orciuoli F (2011) A knowledge-based framework for emergency DSS. Knowl Based Syst 24(8): 1372-1379.
10. EU (2006) Communication from the Commission on a European programme for critical infrastructure protection. The European Commission, COM (2006) 786 final.
11. EUROCONTROL (2003) Air traffic management strategy for the years 2000+.
12. EUROCONTROL (2006) Methodology report for the 2005/2012 integrated risk picture for Air Traffic Management in Europe. EUROCONTROL, EEC Technical/Scientific Report No. 2006-041.
13. Felici M, Meduri V, Solhaug B, Tedeschi A (2011) Evolutionary risk analysis: Expert judgment. In: 30th international conference on computer safety, reliability, and security (SAFECOMP'11), Springer, LNCS, 6894, pp 99-112.
14. Howard RA (1971) Dynamic probabilistic systems, vol I. Markov models. Wiley, New York.
15. Howard RA, Matheson JE (2005) Influence diagrams. Decis Anal 2(3): 127-143.
16. IEC (1990) IEC 61025 Fault Tree Analysis (FTA). International Electrotechnical Commission.
17. IEC (1995) IEC 61165 Application of Markov Techniques. International Electrotechnical Commission.
18. Innerhofer-Oberperfler F, Breu R (2006) Using an enterprise architecture for IT risk management. In: Information Security South Africa conference (ISSA'06).
19. ISO (2009) ISO 31000 Risk management-principles and guidelines. International Organization for Standardization.
20. Ligaarden OS, Lund MS, Refsdal A, Seehusen F, Stølen K (2011) An architectural pattern for enterprise level monitoring tools. In: Maintenance and evolution of service-oriented and cloud-based systems (MESOCA'11). IEEE Computer Society, pp 1-10.
21. Ligaarden OS, Refsdal A, Stølen K (2012) Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services. In: IT Security Governance Innovations: Theory and Research, IGI Global, pp 256-292.
22. Lund MS, Refsdal A (2013) BRIDGE risk analyzer: a collaborative tool for enhanced risk analysis in crisis situations. In: Proceedings of the international workshop on AmI for Crisis Management, CEUR Workshop Proceedings (to appear).
23. Lund MS, Solhaug B, Stølen K (2010) Evolution in relation to risk and trust management. Computer 43(5): 49-55.
24. Lund MS, Solhaug B, Stølen K (2011a) Model-driven risk analysis-the CORAS approach. Springer, Berlin.
25. Lund MS, Solhaug B, Stølen K (2011b) Risk analysis of changing and evolving systems using CORAS. In: Foundations of Security Analysis and Design VI (FOSAD VI), Springer, LNCS 6858, pp 231-274.
26. Massacci F, Mylopoulos J, Zannone N (2010) Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Advances in intelligent information systems, studies in computational intelligence, vol 265, pp 147-174.
27. Microsoft (2006) The security risk management guide. Microsoft Solutions for Security and Compliance and Microsoft Security Center of Excellence.
28. OMG (2009) OMG Unified Modeling Language (OMG UML), Superstructure. Version 2. 2. Object Management Group, OMG Document: formal/2009-02-02.
29. OMG (2011a) Business process model and notation (BPMN). Version 2. 0. Object Management Group, OMG Document: formal/2011-01-03.
30. OMG (2011b) Meta object facility (MOF) 2. 0 Query/View/Transformation Specification. Version 1. 1. Object Management Group, OMG Document: formal/2011-01-01.
31. Peltier TR (2005) Information security risk analysis, 2nd edn. Auerbach Publications.
32. Refsdal A, Stølen K (2009) Employing key indicators to provide a dynamic risk picture with a notion of confidence. In: Trust management III. IFIP advances in information and communication technology, vol 300. Springer, Berlin, pp 215-233.
33. SecureChange (2011a) Assessment method. SecureChange project deliverable D5. 3.
34. SecureChange (2011b) Integrability of design modelling solution. SecureChange project deliverable D4. 4b.
35. SecureChange (2012) Report on the industrial validation of SecureChange solutions. SecureChange project deliverable D1. 3.
36. Seehusen F, Solhaug B (2012) Tool-supported risk modeling and analysis of evolving critical infrastructures. In: Multidisciplinary research and practice for information systems (CD-ARES 2012), Springer, LNCS 7465, pp 562-577.
37. Voirin JL (2008) Method and tools for constrained system architecting. In: 18th annual international symposium of the international council on systems engineering (INCOSE'08). Curran Associates, Inc., pp 775-789.