Methodology of Situational Management of Critical Infrastructure Security

Security Risk Management for Critical Infrastructures

ItAIS 2011, 2011

This paper presents a methodology for risk management developed and used mainly for critical infrastructures, but that can be generalized and used in other contexts. It outlines security risk assessment including identifying processes, resources / assets, threats and vulnerabilities, impacts and likelihood of failures. The methodology's primary focus is the analysis of business impacts and the quantification of the different risks, together with the identification of priority intervention areas, in order to eliminate, reduce, transfer or assume calculated risks, finding the right balance between the investment (resources, money etc.) and the acceptable level / threshold of risk. The paper, based on theoretical background and on practical experiences and results achieved in real organizations that operate on a global level, presents critical infrastructure characteristics, the risk management process, security goals and standards and an integrated methodology for risk management applied to critical infrastructures. Some application cases and results obtained are briefly described, disguised for strong confidentiality issues.

Situational Management Of Critical Infrastructure Resources Under Threat

Foundations of Management, 2015

This article presents a synthesis of knowledge about safety management procedures for critical infrastructure in the context of risk management theory and the provisions of the Polish law on emergency management launched on April 26, 2007. In this paper, the inadequacy of the accepted procedures at present is highlighted, as well as their continuous improvement and adaptation to prevailing political, legal, social, and economic conditions. This paper proposes using the concept of situational management and knowledge management to develop a new method of predicting, preventing, and responding to emerging crises within critical infrastructure. The considerations presented in this paper lead to a proposed concept system supporting critical infrastructure safety management through the implementation of knowledge management methods.

Cyber Security Management Model for Critical Infrastructure Protection

International Scientific Conference „Contemporary Issues in Business, Management and Economics Engineering"

Purpose – in this article, the authors propose a management model for Critical Infrastructure cybersecurity, further development of a model developed by Limba, Plėta, Agafonov, and Damkus (2017). Research methodology – methodology consists of researching the best practices in cybersecurity management for Critical Infrastructures and evaluating the best element to be included. The article offers an overview of the model, including structure and objectives, and further analysis that focuses on pre-existing CI management frameworks. Findings – main results show that, although previously published protocols and models contain valuable elements, there is still the need to implement a comprehensive model which can be applied to every type of CI. Research limitations – research might have been limited due to the lack of a unitary approach to cybersecurity management for CI, meaning the lack of possibility of reference to a similar model and approach. Practical implications – model which is...

Managing the Risks of Information and Communication Network in the Context of Planning the Security of Critical Infrastructure Systems

2018

The subject matter of the article is information and communication networks of critical infrastructure systems. The goal of the work is to create an approach for strategic managing the security of critical infrastructure systems taking into account the risks of the information and communication network. The article deals with the following tasks: determining the procedure of strategic managing the security of critical infrastructure systems, identifying the risks of the information and communication network, assessing the importance and probability of partial network risks. The following methods are used: a systematic approach, cause-and-effect analysis, statistical methods. The following results are obtained: the diagram of multi-level risk management of critical infrastructure systems is developed; the diagram of the step-by-step method of information risks management is developed for increasing the safety of the system; the complex index is suggested for determining the category ...

Cyber security management model for critical infrastructure

Entrepreneurship and Sustainability Issues, 2017

Cyber security is the most critical aspect nowadays of our technologically based lives. Government institutions, banking sectors, public and private services, nuclear power plants, power grid operators, water suppliers or waste water treatment companies use information technologies in their day-to-day operations. Everything that uses technologies is based on communication and information systems and that means that it depends on cyber security. The public and private sector each year spend millions of dollars on technologies, security software and hardware devices that will increase the cyber security inside their companies, but they are still vulnerable. The main problem of this situation is that cyber security is still usually treated as a technical aspect or technology which can be easily implemented inside the organization and this implementation will guarantee cyber security. This attitude must change, because cyber security nowadays is something more than just the technology. This article presents the taxonomy of the critical infrastructure attacks, analyzes attack vectors and attack methods used to damage critical infrastructure as well as the most common cyber security mistakes which organizations make in the cyber security field when trying to make themselves safer from vulnerabilities. The main aim of this article is to provide theoretical aspects of the cyber security management model which can be used to ensure security of critical infrastructure in an organization or company. The cyber security management model that is presented in this article is analyzed from management perspectives and is not concerned with technological aspects and products that are used to protect critical infrastructure from cyber security attacks and vulnerabilities.

Proactive Security Protection of Critical Infrastructure

Approaches for Threat Protection, 2013

The belief that a static alarm system will safeguard critical infrastructure without additional support mechanisms is misplaced. This complacency is no longer satisfactory with the increase in worldwide threat levels and the potential social consequences. What is required is a more proactive, comprehensive security management process that adds to the ability to prevent, detect, deter, respond, and defeat potential harmful events and incidents. The model proposed here is proactive and grounded upon current operational procedures used by major companies in hostile and dangerous environments. By utilising a clearly defined comprehensive risk management tool, a more systematic security, threat, risk, and vulnerability assessment (STRVA), process can be developed. This process needs to identify deliberate targeting of assets through multiple intelligence gathering capabilities, plus defeat testing to probe existing security defences. The consequence approach to a potential breakthrough is at the essence of this methodology.

Comprehensive Approach to Security Risk Management in Critical Infrastructures and Supply Chains

Information & Security: An International Journal, 2013

The ability to assess and therefore react to risk exposure in critical infrastructures and supply chains environments greatly contributes to reaching suitable protection levels and response mechanisms. Due to the unavoidable interdependencies among those infrastructures, that allow disruptions to spread from one to another and likely cause a great impact on society's welfare state, risk management might be seen as a common and shared concern. The Comprehensive Risk Management approach tries to face this process by gathering information from a broad range of disciplines (physical and logical security, safety, environmental threats, etc.) while taking into account interdependencies of critical infrastructures and supply chains at different layers, going from critical infrastructure operators' point of view, to sectoral, national and finally supranational levels. Besides, risk assessment and management processes rely on accurate and timely information to assist decision making, but this information (security holes, attacks or even disruptions suffered by an infrastructure or supply chain), due to its sensitiveness, does not easily flow between involved or interested parties. This paper provides an analysis of this situation and suggests future fields of action, supported by conclusions drawn from the FOCUS project.

Development of a concept for building a critical infrastructure facilities security system

Eastern-European Journal of Enterprise Technologies

To effectively protect critical infrastructure facilities (CIF), it is important to understand the focus of cybersecurity efforts. The concept of building security systems based on a variety of models describing various CIF functioning aspects is presented. The development of the concept is presented as a sequence of solving the following tasks. The basic concepts related to cyberattacks on CIF were determined, which make it possible to outline the boundaries of the problem and determine the level of formalization of the modeling processes. The proposed threat model takes into account possible synergistic/emergent features of the integration of modern target threats and their hybridity. A unified threat base that does not depend on CIF was formed. The concept of modeling the CIF security system was developed based on models of various classes and levels. A method to determine attacker's capabilities was developed. A concept for assessing the CIF security was developed, which all...

Concept of Situational Management of Safety Critical Infrastructure of State

Foundations of Management, 2016

This article presents a synthesis of knowledge about safety management procedures for critical infrastructure (CI) in the context of risk management theory and the provisions of the Polish law on emergency management of 26 April 2007. In this paper, the inadequacy of the accepted procedures at present is highlighted, as well as their continuous improvement and adaptation to prevailing political, legal, social and economic conditions. It proposes using the concept of scenario approach and situational management approach and technique analysis of interconnected decision areas (AIDA) and case-based reasoning (CBR) to develop integral situational resource model CI. The considerations presented in this paper lead to a proposed new method for predicting, preventing and responding to emerging crises within the CI.

INTEGRATED MODEL OF CRITICAL INFRASTRUCTURE PROTECTION RISK MATRIX "BRČKO DISTRICT BIH"

Journal of Security and Safety, 2023

Under EU Council Directive 2008/114 for the protection of critical infrastructure (CI), in Brčko in the District of Bosnia and Herzegovina (BD BiH) in 2018, the "Integrated Model of protection of CI" was established in three phases: Phase 1: preparation of preventive documentation, Phase 2: implementation of technical systems of monitoring and early warning, and Phase 3: strengthening response capacity. The 1st phase includes the creation of a threat assessment and protection and rescue plans. They are identified as natural, technical-technological, and anthropogenic risks, which have an impact on people, property, environment, critical infrastructure (CI), and public and cultural facilities. Risk matrices were created, which analyzed the probabilities and impacts on people, economy/environment, and social/political community, and priorities and measures for their protection have been determined. Representative risks are defined that threaten CIs and modeled as the most likely and worst possible scenarios and impacts in the event of their interruption. The action plan provides measures and technical solutions for the establishment of an efficient protection and rescue system. By implementing a monitoring and early warning system all technical risk monitoring systems are integrated at CI (sensor monitoring system for natural disasters, early warning and evacuation system, access control system, video surveillance system, fire and gas detection, and alarm system, active extinguishing system, georeferenced information system (GIS), IT protection system, intelligent management model objects (BIM), etc.). They are connected to each other through the reporting operation center (DOC) into a model of integrated management and supervision in the wider space and facilities of the CI, which can be used for later maintenance of all protection and rescue systems. The 3rd phase has established a system of response services that can effectively respond to crises and plans to strengthen its capacity. Working procedures and control over the correctness of the system in case of threats to CI. A system of training, skill development, and verification through annual examinations is also being established in field exercises. The integrated protection model established in this way represents the most effective way of risk management on critical infrastructure.