Abstract. Security Management is a necessary process in order to obtain an accurate security policy for Information and Communication Systems (ICS). Organizations spend a lot of money and time to implement their security policy. Existing risk assessment, business continuity and security management tools are unable to meet the growing needs of the current, distributed, complex IS and their critical data and services. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICS's.
The large amount of sensitive information and services that Ports' Information Systems (PIS) manage require effective security management. Existing risk assessment, business continuity and security management methodologies and standards are unable to meet the needs of the PIS responding to their complexity and criticality. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (S-Port) for the security management of PIS.
Commercial ports are large scale infrastructures which their Information and Telecommunication (PIT) systems offer critical services and host sensitive data. However the current maritime legislation or standardization efforts do not sufficiently cover the IT security of the commercial ports. Identifying these needs we propose a collaborative environment offering security management services including a targeted risk management methodology which will help commercial ports to self manage their security.
Port Information and Communication Technology (PICT) systems offer a series of critical services rendering their effective security management an issue of vital importance. Existing regulation, standardization, and risk management methodologies do not adequately address the cyber threats the dependent environment of PICT systems is exposed to. In the SPort project, we identified and addressed these needs by proposing a collaborative environment offering customized security management services targeted at the unique needs of port authorities. The success of S-Port has been deployed in three commercial ports, so as to assist them in self managing security and risks. In this paper, we present the main objectives and core functionalities of S-Port environment, as well as the overall results of its assessment.
Existing Risk Management (RM) methodologies are mainly expert driven and require a large number of interviews with the security experts, which makes rather inefficient to take into account the knowledge from all the organization's participants. In this paper we extend the STORM-RM multi-criteria group decision-making methodology. More specifically, we propose specific asset and user models, which make use of the AHP multi-criteria decision-making methodology in order to identify the organization's assets and calculate their potential security impacts.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.