Visualizing Cyber Security Risks with Bow-Tie Diagrams
| dc.contributor.author | Bernsmed, Karin | |
| dc.contributor.author | Frøystad, Christian | |
| dc.contributor.author | Meland, Per Håkon | |
| dc.contributor.author | Nesheim, Dag Atle | |
| dc.contributor.author | Rødseth, Ørnulf Jan | |
| dc.date.accessioned | 2018-03-08T18:16:53Z | |
| dc.date.available | 2018-03-08T18:16:53Z | |
| dc.date.created | 2018-03-06T08:42:09Z | |
| dc.date.issued | 2018-01-19 | |
| dc.identifier.citation | Lecture Notes in Computer Science. 2018, 10744 38-56. | nb_NO |
| dc.identifier.issn | 0302-9743 | |
| dc.identifier.uri | http://hdl.handle.net/11250/2489600 | |
| dc.description.abstract | Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on the contrary, design overly secure systems that will compromise the performance of critical operations. This paper presents a methodology for visualizing and assessing security risks by means of bow-tie diagrams, which are commonly used within safety assessments. We outline how malicious activities, random failures, security countermeasures and safety barriers can be visualized using a common graphical notation and propose a method for quantifying risks based on threat likelihood and consequence severity. The methodology is demonstrated using a case study from maritime communication. Our main conclusion is that adding security concepts to the bow-ties is a promising approach, since this is a notation that high-risk industries are already familiar with. However, their advantage as easy-to-grasp visual models should be maintained, hence complexity needs to be kept low. | nb_NO |
| dc.language.iso | eng | nb_NO |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/deed.no | * |
| dc.subject | Security | nb_NO |
| dc.subject | Safety | nb_NO |
| dc.subject | Risk assessment | nb_NO |
| dc.subject | Bow-tie diagrams | nb_NO |
| dc.subject | Maritime communication | nb_NO |
| dc.title | Visualizing Cyber Security Risks with Bow-Tie Diagrams | nb_NO |
| dc.type | Journal article | nb_NO |
| dc.type | Peer reviewed | nb_NO |
| dc.description.version | acceptedVersion | nb_NO |
| dc.rights.holder | Accepted manuscript © the Authors 2018 | nb_NO |
| dc.source.pagenumber | 38-56 | nb_NO |
| dc.source.volume | 10744 | nb_NO |
| dc.source.journal | Lecture Notes in Computer Science | nb_NO |
| dc.identifier.doi | 10.1007/978-3-319-74860-3_3 | |
| dc.identifier.cristin | 1570689 | |
| dc.relation.project | Norges forskningsråd: 256508 | nb_NO |
| cristin.unitcode | 7401,90,13,0 | |
| cristin.unitcode | 7566,7,0,0 | |
| cristin.unitname | Systemutvikling og sikkerhet | |
| cristin.unitname | Maritim | |
| cristin.ispublished | true | |
| cristin.fulltext | postprint | |
| cristin.qualitycode | 1 |
Tilhørende fil(er)
Denne innførselen finnes i følgende samling(er)
-
Publikasjoner fra CRIStin - SINTEF Ocean [1311]
-
SINTEF Digital [2379]
-
SINTEF Ocean [1383]
Med mindre annet er angitt, så er denne innførselen lisensiert som Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal