A process-based dependency risk analysis methodology for critical infrastructures

  title={A process-based dependency risk analysis methodology for critical infrastructures},
  author={George Stergiopoulos and Vasilis Kouktzoglou and Marianthi Theoharidou and Dimitris Gritzalis},
  journal={Int. J. Crit. Infrastructures},
This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an… 

Figures and Tables from this paper

ARES: Automated Risk Estimation in Smart Sensor Environments

This paper proposes an approach for automated risk estimation in smart sensor environments, called ARES, which integrates with the business process model life cycle management and utilizes standards for platform, vulnerability, weakness, and attack pattern enumeration in conjunction with a well-known vulnerability scoring system.

Readiness Exercises: Are Risk Assessment Methodologies Ready for the Cloud?

This paper points out the essential characteristics that any risk assessment method addressed to cloud computing should incorporate, and suggests three new ones that are more appropriate based on their features, based upon existing literature.

Risk Evaluation Using Nominal Group Technique for Cloud Computing Risk Assessment in Healthcare

The risk assessment process is explored by highlighting the method in the risk evaluation process by introducing the Nominal Group Technique (NGT) and indirectly NGT process makes stakeholders aware of the current cloud security risk situation in the organization.


the method of calculating the criticality of sectoral ITS, the calculation of the criticality ranks for the functionality disruption of components, subsystems and systems of NCCS was carried out; the

A security-aware framework for designing indu-strial engineering processes

This paper presents a framework that extends previous, preliminary work on the integration of security in industrial engine-ering design practices, and provides an algorithmic approach that effectively reduces risk during industrial system design lifecycles.

Towards Integrating Security in Industrial Engineering Design Practices

This work presents a method to integrate security risk assessment analysis into engineering design practices by modeling internal dependencies between physical components in critical industrial production processes to identify possible hotspots of system failures that are challenging to handle later in the development lifecycle, especially during operation.



Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures

Assessing n-order dependencies between critical infrastructures

This paper utilises existing first-order dependency graphs, in order to assess the effect of a disruption to consequent infrastructures, and suggests that it may be possible to identify and prevent security threats of very high impact from a macroscopic view, which would be hard to identify if the authors only examine first- order dependencies.

A method for risk modeling of interdependencies in critical infrastructures

Critical infrastructure dependency assessment using the input-output inoperability model

Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art

Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical

An impact-based approach for the analysis of cascading effects in critical infrastructures

This methodology allows to account for domino effects in the identification of critical infrastructures, based on the impact on citizens of the outage of the various infrastructure, and supports an effective implementation of EU Directive 114/08/CE on the identification and protection of critical infrastructure.

Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects

The possible cumulative effects of a single security incident on multiple infrastructures is examined and a way to identify threats that may appear insignificant when examining only first-order dependencies, but may have potentially significant impact if one adopts a more macroscopic view and assesses multi- order dependencies is provided.

Modeling dependencies in security risk management

  • T. AlpcanN. Bambos
  • Computer Science
    2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)
  • 2009
The presented framework facilitates a systematic prioritization of risks in organizations and captures how risk ‘diffuses’ via complex interactions and reaches an equilibrium by introducing a Risk-Rank algorithm.

Business Process Risk Management and Internal Control: A proposed Research Agenda in the context of Compliance and ERP systems

Integration of risk management and management control is emerging as an important area in the wake of the Sarbanes-Oxley Act and with ongoing development of frameworks such as the Enterprise Risk

Cascading Effects of Common-Cause Failures in Critical Infrastructures

An extension to the proposed model for assessing the cumulative security risk of cascading threats due to high-order dependencies between infrastructures is presented, which permits the assessment of the risk arising from complex situations involving multiple cascading failures triggered by major or concurrent common-cause events.