Abstract

The paper concerns a risk assessment and management methodology in critical infrastructures. The research objective is to adapt a ready-made risk manager, supporting information security- and business continuity management systems, to a new domain of application - critical infrastructure protection. First, a review of security issues in critical infrastructures was performed, with special focus on risk management. On this basis the assumptions were discussed how to adapt the OSCAD risk manager designed for the information security/business continuity applications. According to these assumptions, the OSCAD risk manager was adapted to its new domain of application, i.e. critical infrastructures. The aim of this work is to assess the usefulness of such a solution and to elaborate requirements for the advanced critical infrastructure risk manager to be developed from scratch.

Highlights

  • CRITICAL infrastructures (CIs) consist of large scale infrastructures whose degradation, disruption or destruction would have a serious impact on health, safety, security or well-being of citizens or effective functioning of governments and/or economies

  • The aim of this work is to assess the usefulness of such a solution and to elaborate requirements for the advanced critical infrastructure risk manager to be developed from scratch

  • A new, This work was not supported by any organization holistic approach to CI protection is applied by programmes and activities which are understood as critical infrastructure protection (CIP)

Read more

Summary

INTRODUCTION

CRITICAL infrastructures (CIs) consist of large scale infrastructures whose degradation, disruption or destruction would have a serious impact on health, safety, security or well-being of citizens or effective functioning of governments and/or economies. Typical examples of such infrastructures are energy-, oil-, gas-, finance-, transport-, telecommunications-, and health sectors. A new, This work was not supported by any organization holistic approach to CI protection is applied by programmes and activities which are understood as critical infrastructure protection (CIP) It is a common effort of the infrastructure owners and operators, manufacturers, users, R&D institutions, governments, international bodies and regulatory authorities. The paper includes an introduction to risk management in critical infrastructures (section II), summarizes the preferred features of the risk management tool discussed in the work [4] (section III), presents the functionality of the OSCAD software platform (section IV), gives the specifics of OSCAD’s adaptation to be a CI risk manager (section V), and draws some conclusions for future works

RISK MANAGEMENT IN CRITICAL INFRASTRUCTURES
Conceptual model of the risk manager
Risk register and risk related data
Risk measures and the assessment process
Interdependencies and critical infrastructure specific phenomena
FUNCTIONALITY OF THE OSCAD SOFTWARE
Bow-tie model implementation in the OSCAD software platform
Risk measures and assessment process in the OSCAD software
CONCLUSIONS

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.