VSE knjižnice (vzajemna bibliografsko-kataložna baza podatkov COBIB.SI)
  • Crafting organizational security policies for critical infrastructures [Elektronski vir] : an architectural approach
    Pavleska, Tanja ; Sellitto, Giovanni Paolo ; Aranha, Helder
    Critical infrastructures (CIs) are an essential enabler of a nation's well-being and span a multitude of sectors. It is critical to ensure their resilience and protection against security threats, ... straight from the design phase. Nowadays, CIs take the form of complex socio-technical systems, which rely heavily on digital technology and off-the-shelf components, introducing challenges due to non-composability of security properties. A comprehensive approach for their protection integrates physical security, cybersecurity, risk management, and collaboration with the stakeholders, as they play a key role in identifying and managing vulnerabilities and in the impact evaluation of potential security breaches. Other key requirements in the context of CIs are interoperability, automation and governance, which are often neglected in the process of crafting security policies, as this takes as input the system as-is and disregards architectural design considerations. In this paper, we propose a methodology that takes care of the inter-dependencies between security goals in a given CI and the relevant countermeasures for its subsystems. Our approach considers the relationships between the CI subsystems, focusing on organizational security objectives and the requisite countermeasures to achieve these objectives. The methodology is supported by a context-independent Reference Model for Information Assurance and Security, which can be applied across diverse critical sectors. To complement the methodology, we propose a formal language that enables the verification of the fulfillment of the security goals in a specific solution architecture. The aim is to enable and support CI security, promoting resilience and adaptability in the face of evolving threats. Leveraging the formal language, the proposed methodology can be integrated into an open-source automated tool-chain for the validation of composite systems. Through these contributions, we effectively address the unique security challenges inherent in CI, facilitating automation and interoperability to enhance security and governance in these crucial domains.
    Vir: Journal of surveillance, security and safety. - ISSN 2694-1015 (Vol. 5, 2024, str. 116-139)
    Vrsta gradiva - e-članek ; neleposlovje za odrasle
    Leto - 2024
    Jezik - angleški
    COBISS.SI-ID - 194495235

    Povezava(-e):

    https://www.oaepublish.com/articles/jsss.2023.40
    DOI

Vnos na polico