Risk-Based Criticality Analysis

Theoharidou, Marianthi; Kotzanikolaou, Panayiotis; Gritzalis, Dimitris

doi:10.1007/978-3-642-04798-5_3

Cited by 39 publications

(22 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, we exploit the principle of proportionality by considering that the use of such a method should be solely confined in a critical infrastructure, given a prior user consent [37] [38] [39].…”

Section: Discussionmentioning

confidence: 99%

Business Process Modeling for Insider Threat Monitoring and Handling

Stavrou¹,

Kandias²,

Karoulas³

et al. 2014

Trust, Privacy, and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

Abstract. Business process modeling has facilitated modern enterprises to cope with the constant need to increase their productivity, reduce costs and offer competitive products and services. Despite modeling's and process management's widespread success, one may argue that it lacks of built-in security mechanisms able to detect and deter threats that may manifest throughout the process. To this end, a variety of different solutions have been proposed by researchers which focus on different threat types. In this paper we examine the insider threat through business processes. Depending on their motives, insiders participating in an organization's business process may manifest delinquently in a way that causes severe impact to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes and propose a preliminary model for a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media by examining the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. Also, this approach highlights the threat introduced in the processes operated by such users. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be allowed solely on exceptional cases, such as protecting critical infrastructures or monitoring decision making personnel.

show abstract

Section: Discussionmentioning

confidence: 99%

Business Process Modeling for Insider Threat Monitoring and Handling

Stavrou¹,

Kandias²,

Karoulas³

et al. 2014

Trust, Privacy, and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

show abstract

“…In recent CIP research [1,[5][6][7][8], the criticality of an asset depends not only on the potential impact of a security incident on the organization itself, but also on the outgoing societal risk caused to other dependent organizations. For example, if a major energy provider is experiencing a disruption for a certain period (i.e.…”

Section: Assessing Hidden Interdependencies For Critical Infrastructuresmentioning

confidence: 99%

“…Critical Infrastructure Protection (CIP) is usually based on risk assessment reviews [5]. With traditional risk assessment methodologies, a Critical Infrastructure Operator (CIO for short) will assess the information risks of all the assets within the organization, in order to identify the most critical assets.…”

Section: Assessing Hidden Interdependencies For Critical Infrastructuresmentioning

confidence: 99%

Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects

Kotzanikolaou

Theoharidou

Gritzalis

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract.One of the most challenging problems, when protecting critical infrastructures, is the identification and assessment of interdependencies. In this paper we examine the possible cumulative effects of a single security incident on multiple infrastructures. Our method provides a way to identify threats that may appear insignificant when examining only first-order dependencies, but may have potentially significant impact if one adopts a more macroscopic view and assesses multi-order dependencies. Based on previous work, we utilize existing first-order dependency graphs, in order to assess the effect of a disruption to consequent infrastructures.

show abstract

“…A common-cause failure can affect multiple infrastructures in different sectors such as government, health, information and communications technology and transportation [16,17]. Each infrastructure that has failed concurrently due to a common-cause failure may lead -with some probability -to multiple cascading chains of failures in its dependent infrastructures.…”

Section: Introductionmentioning

confidence: 99%

Cascading Effects of Common-Cause Failures in Critical Infrastructures

Kotzanikolaou

Theoharidou

Gritzalis

2013

Critical Infrastructure Protection VII

Self Cite

View full text Add to dashboard Cite

One of the most challenging problems in critical infrastructure protection is the assessment and mitigation of cascading failures across infrastructures. In previous research, we have proposed a model for assessing the cumulative security risk of cascading threats due to high-order dependencies between infrastructures. However, recent empirical studies indicate that common-cause failures may result in extremely high impact situations, which may be comparable with or even more devastating than the cascading effects of high-order dependencies. This paper presents an extension to our model, which permits the assessment of the risk arising from complex situations involving multiple cascading failures triggered by major or concurrent common-cause events. The paper also discusses a realistic scenario that is used as a test case for the model extension.

show abstract

Risk-Based Criticality Analysis

Cited by 39 publications

References 9 publications

Business Process Modeling for Insider Threat Monitoring and Handling

Business Process Modeling for Insider Threat Monitoring and Handling

Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects

Cascading Effects of Common-Cause Failures in Critical Infrastructures

Contact Info

Product

Resources

About