An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for
many technical and socio-technical reasons such as mismatched processes,
inadequate information, differing use of language and philosophies, etc. Many
co-assurance techniques rely on disregarding some of these challenges in order
to present a unified methodology. Even with this simplification, no methodology
has been widely adopted primarily because this approach is unrealistic when met
with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security
Assurance Framework (SSAF) based on a core set of assurance principles. This is
done so that safety and security can be co-assured independently, as opposed to
unified co-assurance which has been shown to have significant drawbacks. This
also allows for separate processes and expertise from practitioners in each
domain. With this structure, the focus is shifted from simplified unification
to integration through exchanging the correct information at the right time
using synchronisation activities.
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge
The Internet of Things (IoT) triggers new types of cyber risks. Therefore,
the integration of new IoT devices and services requires a self-assessment of
IoT cyber security posture. By security posture this article refers to the
cybersecurity strength of an organisation to predict, prevent and respond to
cyberthreats. At present, there is a gap in the state of the art, because there
are no self-assessment methods for quantifying IoT cyber risk posture. To
address this gap, an empirical analysis is performed of 12 cyber risk
assessment approaches. The results and the main findings from the analysis are
presented as the current and a target risk state for IoT systems, followed by
conclusions and recommendations on a transformation roadmap, describing how IoT
systems can achieve the target state with a new goal-oriented dependency model.
By target state, we refer to the cyber security target that matches the generic
security requirements of an organisation. The research paper studies and adapts
four alternatives for IoT risk assessment and identifies the goal-oriented
dependency modelling as a dominant approach among the risk assessment models
studied. The new goal-oriented dependency model in this article enables the
assessment of uncontrollable risk states in complex IoT systems and can be used
for a quantitative self-assessment of IoT cyber risk posture.
Methodology for Designing Decision Support Systems for Visualising and Mitigating Supply Chain Cyber Risk from IoT Technologies
This paper proposes a methodology for designing decision support systems for
visualising and mitigating the Internet of Things cyber risks. Digital
technologies present new cyber risks in the supply chain which are often not
visible to companies participating in the supply chains. This study
investigates how the Internet of Things cyber risks can be visualised and
mitigated in the process of designing business and supply chain strategies. The
emerging DSS methodology presents new findings on how digital technologies
affect business and supply chain systems. Through epistemological analysis, the
article derives a decision support system for visualising supply chain
cyber risk from Internet of Things digital technologies. Such methods do not
exist at present and this represents the first attempt to devise a decision
support system that would enable practitioners to develop a step by step
process for visualising, assessing and mitigating the emerging cyber risk from
IoT technologies on shared infrastructure in legacy supply chain systems.
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management.
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.
Socio-economic impact of GMOs on African consumers
The debate surrounding genetically modified organisms (GMOs) remains an important one for consumers and consumer organisations the world over, and is characterized by strong views for, and against the technology. The debate is of particular interest to Africa, where the countries are yet to embrace the new technology and where food security challenges tend to amplify the dilemma faced by decision-makers. Consumers, represented through the work of consumer organizations, are a very active and vocal constituency in this debate, as it unfolds in Africa. The objective of this paper is to inform the reader on how the consumer movement has contributed to the GMO debate in Africa in the past few years and to highlight the potential socio-economic impacts on African consumers. Firstly, the paper summarises the consumer movement and its work with the Joint Advocacy Project on GMOs; and secondly looks at the potential social, ethical and cultural impacts. Economic and environmental impacts are also discussed. The Socio-Economic Impact Assessment tool is highlighted as one of several tools to guide bio-safety decision-making policy. A few recommendations and policy implications are given at the end of the paper.