Title: Assurance Cases: An Approach to Communicating Infrastructural Security Risks
Citation: Critical Information Infrastructure Assurance Symposium
Publisher: Virginia Tech University
Publication Year: 2006
JRC N°: JRC32873
URI: http://www.cimap.vt.edu/CIIA/Papers/Session1-1-Marcelo.pdf
Type: Articles in periodicals and books
Abstract: Critical infrastructures are characterized by the number of actors that operate the different interconnected constituent systems. The protection of the critical infrastructure as a whole results from the individual actions of those many operators. Any decision about the adequacy of the protection level requires the communication of the respective security situations: among the infrastructure operators for their mutual assurance, to the authorities for policy decisions related to national security and the welfare of society, and to the end-users of the infrastructure. Nowadays, there is standard method for communicating these assurance levels. But there are other fields where similar situations have been solved with structure methods. For instance, in the European nuclear, railways and military fields, it is common to make use of the so-called Safety Case. The presentation will discuss the challenges foreseen in the development of Assurance Cases for critical infrastructures, taking into consideration their particular characteristics: dynamic vulnerabilities and threats, multiplicity of stakeholders, etc., with special consideration of malicious attacks and security requirements. In addition, the talk will present the evolution of the research done on the application of Assurance Cases to summarizing the results of assessments for the sake of facilitating the dialogue between operators, authorities and end users.
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.