A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems

Mokalled, Hassan; Pragliola, Concetta; Debertol, Daniele; Meda, Ermete; Zunino, Rodolfo

doi:10.1007/978-3-319-95597-1_3

Cited by 12 publications

(7 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their framework uses various building blocks that we also apply, such as STRIDE, CVE and CVSS. Furthermore, Mokalled et al [29] proposed a general risk management framework for CPSs focusing on specific characteristics of the CPSs. Rosado et al [30] proposed a risk analysis approach for CPS based on MARISMA.…”

Section: Related Work On Cps Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Kavallieratos¹,

Grigoriadis²,

Katsika³

et al. 2022

J Surveill Secur Saf

View full text Add to dashboard Cite

Aim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: The proposed method ology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks. Methods: To achieve this, we combine and modify appropriately two recent risk assessment method ologies targeted to cyber physical systems and interactions, as underlying building blocks. By applying the existing method ology, we enable the utilization of well-known software vulnerability taxonomies, to extract vulnerability and impact submetrics for all the interactions among the system components. These metrics are then fed to the risk analysis phase in order to assess the overall cyber-physical risks and to prioritize the list of potential mitigation controls. Results: To validate the applicability and efficiency of the proposed method ology, we apply it in a realistic scenario involving supply chain tracking systems. Conclusion: Our results show that the proposed method ology can be effectively applied to capture the risks deriving from cyber and physical interactions among system components in realistic application scenarios, while for large scale networks further testing should be carried out.

show abstract

Section: Related Work On Cps Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Kavallieratos¹,

Grigoriadis²,

Katsika³

et al. 2022

J Surveill Secur Saf

View full text Add to dashboard Cite

show abstract

“…Risk management framework is an effective method to access, mitigate, and evaluate risks associated with the threat. Several risk management frameworks are available such as for scada systems [50] , online services [51] , and cyber physical systems [52] – [54] . Accordingly, a pandemic such as COVID-19 warrants new and rapid framework that can be implemented immediately.…”

Section: Potential Mitigation Solutionsmentioning

confidence: 99%

Have You Been a Victim of COVID-19-Related Cyber Incidents? Survey, Taxonomy, and Mitigation Strategies

et al. 2020

View full text Add to dashboard Cite

Cybercriminals are constantly on the lookout for new attack vectors, and the recent COVID-19 pandemic is no exception. For example, social distancing measures have resulted in travel bans, lockdowns, and stay-athome orders, consequently increasing the reliance on information and communications technologies, such as Zoom. Cybercriminals have also attempted to exploit the pandemic to facilitate a broad range of malicious activities, such as attempting to take over videoconferencing platforms used in online meetings/educational activities, information theft, and other fraudulent activities. This study briefly reviews some of the malicious cyber activities associated with COVID-19 and the potential mitigation solutions. We also propose an attack taxonomy, which (optimistically) will help guide future risk management and mitigation responses.

show abstract

“…The work done at the company: The main part of the work was done at the Company; it handled the issue of managing data protection in a systematic way, through proposing a Data protection management approach (chapter three), and the shows the ISMS implementing this approach (chapter four) [8]. After that, a comprehensive framework is designed for the security risk management of Cyber physical systems, this framework represents the strategy used to manage the security risk management [9], and it falls inside the ISMS (chapter five).…”

Section: The Phd Goal: Objective and Contributionsmentioning

confidence: 99%

“…Many companies seek to reinforce their security capabilities to better safeguard against cybersecurity threats, so they adopt multi-layered security strategies that include using This chapters describes an approach proposed to aid enterprises, in selecting an applicable SIEM solution.Information and communication technology (ICT) has made a remarkable impact on the society. Companies nowadays rely on information and communication technology which puts their assets under certain risks especially cyber ones, hence they must be kept under control by means of security countermeasures that generate confidence in the use of these assets[9].For example, when a potential issue is detected, SIEM might log it as a new information, generate an alert and instruct other security controls to stop any activity progress. Gartner estimates the SIEM market will grow at a compound annual growth rate (CAGR) of 9.5% between 2016 and 2022, and the worldwide spending on SIEM will reach 3.72 billion dollars[34].…”

mentioning

confidence: 99%

The Importance to Manage Data Protection in the Right Way: Problems and Solutions

Mokalled

Debertol

Meda

et al. 2017

Springer Proceedings in Mathematics &Amp; Statistics

Self Cite

View full text Add to dashboard Cite

Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of "Managing data protection". The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It ...

show abstract

A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems

Cited by 12 publications

References 3 publications

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems

Have You Been a Victim of COVID-19-Related Cyber Incidents? Survey, Taxonomy, and Mitigation Strategies

The Importance to Manage Data Protection in the Right Way: Problems and Solutions

Contact Info

Product

Resources

About