Requirements Analysis for the Evaluation of Automated Security Risk Assessments

被引：0

作者：

Ehrlich, Marco ^{[1
]}

Lukas, Georg ^{[2
]}

Trsek, Henning ^{[1
]}

Jasperneite, Juegen ^{[3
]}

Kastner, Wolfgang ^{[4
]}

Diedrich, Christian ^{[5
]}

机构：

[1] OWL Univ Appl Sci & Arts, InIT Inst Ind IT, D-32657 Lemgo, Germany

[2] Rt Solut De GmbH, Ind Secur, D-50968 Cologne, Germany

[3] Fraunhofer IOSB INA, D-32657 Lemgo, Germany

[4] TU Wien Informat, A-1040 Vienna, Austria

[5] Otto von Guericke Univ, D-39106 Magdeburg, Germany

来源：

2024 IEEE 20TH INTERNATIONAL CONFERENCE ON FACTORY COMMUNICATION SYSTEMS, WFCS | 2024年

关键词：

Industry; 4.0; Security; Risk Assessment; Automation; Requirements; Evaluation; Verification; SAFETY;

D O I：

10.1109/WFCS60972.2024.10540830

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The overall Industry 4.0 developments and the highly dynamic threat landscape enhance the need for continuous security engineering of industrial components, modules, and systems. Security risk assessments play a major role to ensure a secure operation of Industrial Automation and Control Systems (IACSs) but are mostly neglected due to missing resources and a lack of human experts for the sophisticated manual tasks. Therefore, a method for information and process modelling regarding the automation of security risk assessments has been previously designed, but not yet evaluated. This work in progress begins the evaluation of the automated security risk assessment concept by investigating the related work and identifying the main deficits. The results include a requirements analysis for the verification and an outlook towards future evaluation aspects.

引用

页码：180 / 183

页数：4

共 50 条

[31] Using Security and Domain ontologies for Security Requirements Analysis
Souag, Amina
Salinesi, Camille
Wattiau, Isabelle
Mouratidis, Haris
2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW), 2013, : 101 - 107
[32] Methodology for security risk assessments-is there a best practice?
Maal, M.
Busmundrud, O.
Endregard, M.
RISK, RELIABILITY AND SAFETY: INNOVATING THEORY AND PRACTICE, 2017, : 860 - 866
[33] Assessment of Risk Perception in Security Requirements Composition
Hibshi, Hanan
Breaux, Travis D.
Broomell, Stephen B.
2015 IEEE 23RD INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2015, : 146 - 155
[34] Assessing Security Risk and Requirements for Systems of Systems
Ki-Aries, Duncan
2018 IEEE 26TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE 2018), 2018, : 454 - 459
[35] Comparison of risk-based and deterministic security assessments
Kirschen, D. S.
Jayaweera, D.
IET GENERATION TRANSMISSION & DISTRIBUTION, 2007, 1 (04) : 527 - 533
[36] Experimental Evaluation of Security Requirements Engineering Benefits
Boutahar, Jaouad
Maskani, Ilham
El Ghazi El Houssaini, Souhail
INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2018, 9 (11) : 411 - 415
[37] Security Evaluation of Authentication Requirements in IoT Gateways
Gomes, Diego R. R.
Lins, Fernando A. Aires
Nobrega, Obionor O. O.
Felix, Eduardo F. F.
Jesus, Bruno A. A.
Vieira, Marco
JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 2023, 31 (04)
[38] AN EVALUATION OF SECURITY REQUIREMENTS BASED ON THE CAPABILITY MODEL
MORIZUMI, T
NAGASE, H
TAKENAKA, T
YAMASHITA, K
IEICE TRANSACTIONS ON COMMUNICATIONS ELECTRONICS INFORMATION AND SYSTEMS, 1991, 74 (08): : 2160 - 2165
[39] Security Evaluation of Authentication Requirements in IoT Gateways
Diego R. Gomes
Fernando A. Aires Lins
Obionor O. Nóbrega
Eduardo F. Felix
Bruno A. Jesus
Marco Vieira
Journal of Network and Systems Management, 2023, 31
[40] Hybrid ontology for safety, security, and dependability risk assessments and Security Threat Analysis (STA) method for industrial control systems
Alanen, Jarmo
Linnosmaa, Joonas
Malm, Timo
Papakonstantinou, Nikolaos
Ahonen, Toni
Heikkilä, Eetu
Tiusanen, Risto
Reliability Engineering and System Safety, 2022, 220

← 1 2 3 4 5 →