On the Impact of Uncertainty on Quantitative Security Risk Assessment

Lichte, Daniel; Termin, Thomas; Wolf, Kai-Dietrich

doi:10.3850/978-981-14-8593-0_4262-cd

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this reason, it is necessary to modify PRISM to be able to handle a sharp vulnerability criterion which clearly separates the defender's success (successful intervention) from the attacker's success (worst case: asset gets successfully attacked) (Lichte et al 2016). Moreover, it needs to be assessed how uncertainties affect the residual probability that an attacker will still successfully reach the asset (Lichte et al 2020). Here, an approach using quantitative metrics is reasonable but not yet applied within PRISM.…”

Section: Introductionmentioning

confidence: 99%

Physical Security Risk Analysis for Mobile Access Systems Including Uncertainty Impact

Termin¹,

Lichte²,

Wolf³

2021

Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021)

Self Cite

View full text Add to dashboard Cite

Protection against car theft, involving organized crime, is a growing threat for car owners as well as fleet management providers. This brings the use of security technologies into automotive industry. The evaluation of security and the justified use of measures to reduce vulnerability of car security systems is perceived as a special challenge for vendors and users of mobile access systems (MAS), as usually only limited resources for design and analysis are available. A lack of adequate reference works and specifications in the form of concrete recommendations for action, guidelines or standards often leads to proprietary security assessments heavily relying on compliance checks. These assessments often lack sufficiency regarding application-specificity and target-orientation in terms of a good cost benefit ratio. This is true for MAS in particular, as they are relatively new products with specific use cases and boundary conditions. The open-available Performance Risk-based Integrated Security Methodology (PRISM) allows a performance-based physical security assessment of critical infrastructures (CRITIS) and initiated a paradigm shift towards performance-based methods within this area. However, PRISM comprises semi-quantitative approaches only and thus does not allow for the consideration of uncertainty impact. Moreover, the approach has not been applied to mobile access systems (MAS) yet. This paper aims at applying the concept of PRISM to the use case of MAS by extending and optimizing it to enable a holistic risk assessment considering uncertainties.

show abstract

Section: Introductionmentioning

confidence: 99%