Time filter

Source Type

Bialas A.,Institute of Innovative Technologies EMAG
Advances in Intelligent Systems and Computing | Year: 2015

The paper concerns the risk assessment and management methodology in critical infrastructures. At the beginning a review is performed of the state of the art, regulations, best practices, EU projects, and other relevant documents. On this basis a set of the most preferable features of a CI risk management tool is identified. These features allow to specify basic requirements for the risk management tool. As the core of the solution is the bow-tie model. A risk register is proposed as an inventory of the hazardous events, along with other data structures for hazards/threats, vulnerabilities, consequences, and barriers. Risk factors and results measures, i.e. likelihood and consequences measures as well as a risk matrix are discussed. Next, a new concept is proposed how to integrate different bow-tie models through internal and external dependencies. These requirements can be implemented on the available software platform for further experiments and validation. © Springer International Publishing Switzerland 2015.

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains. © 2011 by the authors; licensee MDPI, Basel, Switzerland.

Rogowski D.,Institute of Innovative Technologies EMAG
2013 Federated Conference on Computer Science and Information Systems, FedCSIS 2013 | Year: 2013

Writing evidence documents for evaluation and certification processes according to the Common Criteria security standard is a very difficult, time-consuming and complex task. Nowadays there are only a few, limited solutions based on templates and software tools which can efficiently support developers in preparing evaluation deliverables. This paper describes the results of an R&D project whose aim was to work out a computer-aided tool with built-in design patterns. Firstly, according to all security assurance requirements the design patterns in a paper version were prepared. Secondly, they were verified and validated by the developers in order to make some amendments and improvements. The conclusions were used as the source of functional requirements for a computer-aided tool. As a result a complete computer system was designed which implements the design patterns, knowledge base, evaluation methodology, and additional external supporting software. That solution facilitates and speeds up the development of the evidence documentation. © 2013 Polish Information Processing Society.

Baginski J.,Institute of Innovative Technologies EMAG
Advances in Intelligent Systems and Computing | Year: 2013

The chapter presents information about the first stage of validation of the OSCAD tool for the risk reduction assessment within the decision support process. First, general information about risk management and risk assessment is given, and relations of the risk assessment with the flood issue are described. Basic information about the ValueSec project and its relations with risk assessment is presented. Next, the results of first experiments heading for OSCAD usage as one of the possible elements supporting the Risk Reduction Assessment (RRA) software pillar in the ValueSec project are described. The possibility of OSCAD usage for the RRA pillar was validated on the example of the so-called "flood use case" of the ValueSec project. This use case relates to the assessment and selection of flood countermeasures. The main objective of the validation is to find out if the risk assessment method implemented in OSCAD can be used for the flood issue. © Springer International Publishing Switzerland 2013.

Bialas A.,Institute of Innovative Technologies EMAG
Advances in Intelligent Systems and Computing | Year: 2013

The chapter presents the risk management approach applied in the EC FP7 ValueSec project. The security measures selection process is based on three pillars: Risk Reduction Assessment (RRA), Cost-Benefit-Analysis (CBA) and Qualitative Criteria Assessment (QCA). The ValueSec tool set, which is elaborated in the project, should be equipped with components corresponding to these pillars. The chapter overviews the researches of the project focused on the decision model elaboration and selection of existing method to be implemented, or existing tools to be integrated in the ValueSec framework. Risk management is a broad issue, especially in five of the project assumed contexts. For this reason more specialized components are allowed for the RRA pillar. Currently the project passes to the implementation and use case experimentation phase. The chapter shows the general architecture, currently implemented and the RRA component example. © Springer International Publishing Switzerland 2013.

Discover hidden collaborations