dc.contributor.author | Bernsmed, Karin | |
dc.contributor.author | Frøystad, Christian | |
dc.contributor.author | Meland, Per Håkon | |
dc.contributor.author | Nesheim, Dag Atle | |
dc.contributor.author | Rødseth, Ørnulf Jan | |
dc.date.accessioned | 2018-03-08T14:44:06Z | |
dc.date.available | 2018-03-08T14:44:06Z | |
dc.date.created | 2018-03-06T08:42:09Z | |
dc.date.issued | 2018 | |
dc.identifier.citation | Lecture Notes in Computer Science. 2018, 10744 38-56. | nb_NO |
dc.identifier.issn | 0302-9743 | |
dc.identifier.uri | http://hdl.handle.net/11250/2489562 | |
dc.description.abstract | Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on the contrary, design overly secure systems that will compromise the performance of critical operations. This paper presents a methodology for visualizing and assessing security risks by means of bow-tie diagrams, which are commonly used within safety assessments. We outline how malicious activities, random failures, security countermeasures and safety barriers can be visualized using a common graphical notation and propose a method for quantifying risks based on threat likelihood and consequence severity. The methodology is demonstrated using a case study from maritime communication. Our main conclusion is that adding security concepts to the bow-ties is a promising approach, since this is a notation that high-risk industries are already familiar with. However, their advantage as easy-to-grasp visual models should be maintained, hence complexity needs to be kept low. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Springer Verlag | nb_NO |
dc.title | Visualizing Cyber Security Risks with Bow-Tie Diagrams | nb_NO |
dc.type | Journal article | nb_NO |
dc.type | Peer reviewed | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 38-56 | nb_NO |
dc.source.volume | 10744 | nb_NO |
dc.source.journal | Lecture Notes in Computer Science | nb_NO |
dc.identifier.doi | 10.1007/978-3-319-74860-3_3 | |
dc.identifier.cristin | 1570689 | |
dc.relation.project | Norges forskningsråd: 256508 | nb_NO |
dc.description.localcode | This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. Locked until 19.1.2019 due to copyright restrictions. The final authenticated version is available online at: https://link.springer.com/chapter/10.1007%2F978-3-319-74860-3_3 | nb_NO |
cristin.unitcode | 194,63,10,0 | |
cristin.unitname | Institutt for datateknologi og informatikk | |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
cristin.qualitycode | 1 | |