nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Towards Integrated Quantitative Security and Safety Risk Assessment

verfasst von : Jürgen Dobaj, Christoph Schmittner, Michael Krisper, Georg Macher

Erschienen in: Computer Safety, Reliability, and Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Although multiple approaches for the combination of safety and security analysis exist, there are still some major gaps to overcome before they can be used for combined risk management. This paper presents the existing gaps, based on an overview of available methods, which is followed by the proposal towards a solution to achieve coordinated risk management by applying a quantitative security risk assessment methodology. This methodology extends established safety and security risk analysis methods with an integrated model, denoting the relationship between adversary and victim, including the used capabilities and infrastructure. This model is used to estimate the resistance strength and threat capabilities, to determine attack probabilities and security risks.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Combined Approach for Safety and Security

Nächstes Kapitel Potential Use of Safety Analysis for Risk Assessments in Smart City Sensor Network Applications

Caltagirone, S., Pendergast, A., Betz, C.: The diamond model of intrusion analysis. Technical report, Center for Cyber Intelligence Analysis and Threat Research Hanover MD (2013)

Cox, A.L.: What’s wrong with risk matrices? Risk Anal. 28(2), 497–512 (2008). https://doi.org/10.1111/j.1539-6924.2008.01030.xCrossRef

Cox, L.A.: Some limitations of “risk = threat vulnerability consequence” for risk analysis of terrorist attacks. Risk Anal. 28(6), 1749–1761 (2008)CrossRef

Elmaghraby, A.S., Losavio, M.M.: Cyber security challenges in smart cities: safety, security and privacy. J. Adv. Res. 5(4), 491–497 (2014)CrossRef

European Commission: A European strategy on Cooperative Intelligent Transport Systems, a milestone towards cooperative, connected and automated mobility. Technical report, European Commission, November 2016

Freund, J.: Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, Oxford (2015)

Hubbard, D., Evans, D.: Problems with scoring methods and ordinal scales in risk assessment. IBM J. Res. Dev. 54(3), 2 (2010)CrossRef

Hubbard, D.W., Seiersen, R.: How to Measure Anything in Cybersecurity Risk. Wiley, Hoboken (2016)CrossRef

IEC: IEC 60812: Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA) (2006)

10.

ISO: ISO 31000 - risk management - guidelines

11.

ISO: ISO 26262 Road vehicles - Functional safety (2011)

12.

ISO/IEC: ISO/IEC directives, part 1

13.

ISO/IEC: ISO/IEC 15408: Information Technology Security Evaluation (2005)

14.

Johnson, C.W.: Why we cannot (yet) ensure the cybersecurity of safety-critical systems. In: Proceedings of 24th Safety-Critical Systems Symposium, pp. 171–182 (2016)

15.

Joint Task Force Transformation Initiative: Guide for conducting risk assessments. https://doi.org/10.6028/NIST.SP.800-30r1

16.

Lisova, E., Sljivo, I., Causevic, A.: Safety and security co-analyses: a systematic literature review (2018)

17.

Macher, G., et al.: Integration of security in the development lifecycle of dependable automotive CPS (2017)

18.

Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C.: A comprehensive safety, security, and serviceability assessment method. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9337, pp. 410–424. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24255-2_30CrossRef

19.

Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Design, Automation and Test in Europe Conference and Exhibition (2015)

20.

Malcolm, D.G., Roseboom, J.H., Clark, C.E., Fazar, W.: Application for a technique for research and development program evaluation (1959)

21.

Microsoft Corporation: The STRIDE Threat Model (2005). http://msdn.microsoft.com/en-us/library/ee823878%28v =cs.20%29.aspx

22.

Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10506-2_21CrossRef

23.

Schneier, B.: Attack trees (1999). http://www.schneier.com/attacktrees.pdf

24.

International Organization for Standardization (ISO), I.E.C.I.: Information technology – Security techniques – Information security risk management (2008)

25.

The Open Group: Risk Analysis (O-RA), October 2013

26.

The Open Group: Risk Taxonomy (O-RT) 2.0, October 2013

27.

Xu, L.D., Xu, E.L., Li, L.: Industry 4.0: state of the art and future trends. Int. J. Prod. Res. 56(8), 2941–2962 (2018)CrossRef

Titel: Towards Integrated Quantitative Security and Safety Risk Assessment
verfasst von: Jürgen Dobaj
Christoph Schmittner
Michael Krisper
Georg Macher
Verlag: Springer International Publishing
Buch: Computer Safety, Reliability, and Security
Print ISBN: 978-3-030-26249-5

Electronic ISBN: 978-3-030-26250-1

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-26250-1_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"