TOOL SUPPORT FOR ACHIEVING QUALITATIVE SECURITY ASSESSMENTS OF CRITICAL INFRASTRUCTURES - The ESSAF Framework for Structured Qualitative Analysis

Nguyen Hanh Quyen, Köster Friedrich, Klaas Michael, Brenner Walter, Obermeier Sebastian, Brändle Markus

Abstract

Devices designed for use in critical infrastructures demand a high level of security. Cyber threats and security mechanisms should therefore be considered at an early stage, ideally in the product's design phase. In this paper, we present a security assessment method together with a support tool that allows the involved participants to conduct security assessments in a reproducible and standardized way. A distinguishing feature of our method is its focus on the collaboration of different domain experts at various abstraction levels, which is typical for critical infrastructure device assessments.



Paper Citation


in Harvard Style

Hanh Quyen N., Friedrich K., Michael K., Walter B., Sebastian O. and Markus B. (2009). TOOL SUPPORT FOR ACHIEVING QUALITATIVE SECURITY ASSESSMENTS OF CRITICAL INFRASTRUCTURES - The ESSAF Framework for Structured Qualitative Analysis. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 297-304. DOI: 10.5220/0002188202970304


in Bibtex Style

@conference{secrypt09,
author={Nguyen Hanh Quyen and Köster Friedrich and Klaas Michael and Brenner Walter and Obermeier Sebastian and Brändle Markus},
title={TOOL SUPPORT FOR ACHIEVING QUALITATIVE SECURITY ASSESSMENTS OF CRITICAL INFRASTRUCTURES - The ESSAF Framework for Structured Qualitative Analysis},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={297-304},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002188202970304},
isbn={978-989-674-005-4},
}

