Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case

Polemi, Nineta; Ntouskas, Theodoros

doi:10.1007/978-3-642-30436-1_50

Cited by 9 publications

(6 citation statements)

References 10 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risk management international standards range from general considerations and guidelines for risk management processes (e.g., ISO, 2009aISO, , 2009b, to specific guidelines for the IT sector (e.g., ISO, 2013ISO, , 2011Peltier, 2001), and to CI dependency analysis risk assessment methodologies (e.g., Aung and Watanabe, 2009;De Porcellinis et al, 2009;Haimes et al, 2007;Hokstad et al, 2013;ISO, 2009a;Ntouskas and Polemi, 2012;Theoharidou et al, 2011;Zio and Sansavini, 2011), all the way to sector specific frameworks as, for example, in the maritime sector (e.g., Ntouskas and Polemi, 2012;Polemi and Ntouskas, 2012). Most of these standards specify framework conditions for the risk management process, but do not provide specific methodologies targeted to SC risk assessment.…”

Section: Research Efforts Towards Scra Methodologiesmentioning

confidence: 99%

“…In principle, choosing the right method and tool for risk assessment proves to be complicated. Since SCs are originating from a business context, SC risk management methods are usually quantitative and are based on monetary costs or potential impact (e.g., Giannopoulus et al, 2012;ISO, 2007;Polemi and Ntouskas, 2012). In practice, the selection of a specific risk-assessment tool is based on practical considerations, and depends on how a specific risk assessment methodology can be mapped to the extended risk assessment needs of SC.…”

Section: Research Efforts Towards Scra Methodologiesmentioning

confidence: 99%

See 1 more Smart Citation

Design and validation of the Medusa supply chain risk assessment methodology and system

Polemi

Kotzanikolaou

2018

IJCIS

Self Cite

View full text Add to dashboard Cite

Supply chains (SC) can be viewed as complex interconnected systems that play a vital role of the transportation and delivery of goods and services. SC usually involves various critical infrastructures, mainly in the transportation sector and exhibit intra-sector and cross-border dependencies with various business entities. Although efforts have been made to standardise supply chain risk assessment (SCRA) approaches, there is a lack of targeted methodologies. In our previous work (Polemi and Kotzanikolaou, 2015) we have proposed a preliminary version of the Medusa SCRA methodology, compliant with ISO28001. The primary goal of Medusa is to assess the risks of an SC rising from the interconnections and interdependencies between the various entities within it. In this paper, we significantly extend our previous work, in order to define all specific details of the Medusa SC RA, such as estimations of threat levels, consequences, risk scales, cascading risks; generation of a baseline SC security policy and identification of security controls. Furthermore, we validate our methodology based on real case scenarios, derived from the pilot operations of the Medusa project and we provide implementation details of the Medusa collaborative system which hosts the methodology and offers SC RA services to the involved BPs.

show abstract

Section: Research Efforts Towards Scra Methodologiesmentioning

confidence: 99%

Section: Research Efforts Towards Scra Methodologiesmentioning

confidence: 99%

Design and validation of the Medusa supply chain risk assessment methodology and system

Polemi

Kotzanikolaou

2018

IJCIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…The various maritime standardization bodies (e.g. IMO, EMSA, EASA, TEN-T EA) do not refer in their memorandum to IT/Cyber security [9]. ICT systems security is only assessed in relation to port and ship safety.…”

Section: Port Risk Assesment Effortsmentioning

confidence: 99%

S-Port: Collaborative security management of Port Information systems

et al. 2013

Self Cite

View full text Add to dashboard Cite

Port Information and Communication Technology (PICT) systems offer a series of critical services rendering their effective security management an issue of vital importance. Existing regulation, standardization, and risk management methodologies do not adequately address the cyber threats the dependent environment of PICT systems is exposed to. In the SPort project, we identified and addressed these needs by proposing a collaborative environment offering customized security management services targeted at the unique needs of port authorities. The success of S-Port has been deployed in three commercial ports, so as to assist them in self managing security and risks. In this paper, we present the main objectives and core functionalities of S-Port environment, as well as the overall results of its assessment.

show abstract

“…Initially, namespace performs isolation and system virtualization for performing the process. It works as an identifier that links the isolated instances and other global resources [21]. Namespace segments the hostname, user, process, file system, and other related components.…”

Section: Reviews On Protection Mechansimsmentioning

confidence: 99%

Container Security: An Extensive Roadmap

Subramanian¹,

Honnavalli²,

Shylaja³

2021

Atlantis Highlights in Computer Sciences

View full text Add to dashboard Cite

The containers play a crucial role in the cloud environment during application deployment as it shares same OS kernel. It reduces resource requirements and start-up time for deploying applications by an individual organizations or users. Even though containers provide light-weight virtualization, it generates a security bottleneck for the number of dedicated resources, libraries, and applications since the container isolation is comparatively weak to the legacy VMs. In the general architec ture of container, attackers can perform privilege escalation by exploiting the kernel vulnerabilities to gain the root privilege and leaks the critical information of a system. To address the present security concerns in the container, a better security based solution is essential. In this work, an extensive analysis is performed to predict the various existing access control mechanisms used for security purposes and the challenges encountered during the architecture modeling. Some use cases are considered to ensure the fulfilment of security requirements such as container protection, inter-container protection, and host protection, and it needs to provide both software and hardware solutions. This work also includes the research problems, research gaps, and further research extensions to provide security to the containers.

show abstract

Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case

Cited by 9 publications

References 10 publications

Design and validation of the Medusa supply chain risk assessment methodology and system

Design and validation of the Medusa supply chain risk assessment methodology and system

S-Port: Collaborative security management of Port Information systems

Container Security: An Extensive Roadmap

Contact Info

Product

Resources

About