Requirements Analysis for the Evaluation of Automated Security Risk Assessments

Cited by: 0
Authors
Ehrlich, Marco [1]
Lukas, Georg [2]
Trsek, Henning [1]
Jasperneite, Juergen [3]
Kastner, Wolfgang [4]
Diedrich, Christian [5]
Affiliations
[1] OWL Univ Appl Sci & Arts, InIT Inst Ind IT, D-32657 Lemgo, Germany
[2] Rt Solut De GmbH, Ind Secur, D-50968 Cologne, Germany
[3] Fraunhofer IOSB INA, D-32657 Lemgo, Germany
[4] TU Wien Informat, A-1040 Vienna, Austria
[5] Otto von Guericke Univ, D-39106 Magdeburg, Germany
Keywords
Industry 4.0; Security; Risk Assessment; Automation; Requirements; Evaluation; Verification; SAFETY
DOI
10.1109/WFCS60972.2024.10540830
Chinese Library Classification number
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract
The overall Industry 4.0 developments and the highly dynamic threat landscape increase the need for continuous security engineering of industrial components, modules, and systems. Security risk assessments play a major role in ensuring the secure operation of Industrial Automation and Control Systems (IACSs) but are mostly neglected due to missing resources and a lack of human experts for the sophisticated manual tasks. Therefore, a method for information and process modelling regarding the automation of security risk assessments has been previously designed, but not yet evaluated. This work in progress begins the evaluation of the automated security risk assessment concept by investigating the related work and identifying the main deficits. The results include a requirements analysis for the verification and an outlook towards future evaluation aspects.
Pages: 180-183
Number of pages: 4