Search results

Number of results: 8

Abstract

The paper presents a new ontology-based approach to the elaboration and management of evidences prepared by developers for the IT security evaluation process according to the Common Criteria standard. The evidences concern the claimed EAL (Evaluation Assurance Level) for a developed IT product or system, called TOE (Target of Evaluation), and depend on the TOE features and its development environment. Evidences should be prepared for the broad range of IT products and systems requiring assurance. The selected issues concerning the author’s elaborated ontology are discussed, such as: ontology domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and their properties, creation of instances, and an ontology validation process. This work is aimed at the development of a prototype of a knowledge base representing patterns for evidences.

Authors and Affiliations

Andrzej Białas

Abstract

The paper concerns a risk assessment and management methodology in critical infrastructures. The aim of the paper is to present researches on risk management within the experimentation tool based on the OSCAD software. The researches are focused on interdependent infrastructures where the specific phenomena, like escalating and cascading effects, may occur. The objective of the researches is to acquire knowledge about risk issues within interdependent infrastructures, to assess the usefulness of the OSCAD-based risk manager in this application domain, and to identify directions for further R&D works. The paper contains a short introduction to risk management in critical infrastructures, presents the state of the art, and the context, plan and scenarios of the performed validation experiments. Next, step by step, the validation is performed. It encompasses two collaborating infrastructures (railway, energy). It is shown how a hazardous event impacts the given infrastructure (primary and secondary effects) and the neighbouring infrastructure. In the conclusions the experiments are summarized, the OSCAD software assessed and directions of the future works identified.

Authors and Affiliations

Andrzej Białas

Abstract

The paper concerns the validation of the selected issues related to the new ontology-based approach to the elaboration and management of evidences prepared by developers for the IT security evaluation process according to the Common Criteria standard. The evidences are implied by the claimed EAL (Evaluation Assurance Level) for a developed IT product or system, called TOE (Target of Evaluation). The evidences envisage the TOE features and its development environment. The validation and use of the author’s elaborated ontology are discussed, including: composing evidences for the given TOE and EAL, expressing details of evidences documents, issuing queries to get given information about model, etc. The paper also shows how the evidences are organized, developed and used. This work is aimed at the development of a prototype of a knowledge base, designed mainly for developers to allow them to compose and manage different kinds of evidences elaborated on the patterns basis. This knowledge base can be used by a software tool aiding developers who produce evaluation evidences.

Authors and Affiliations

Andrzej Białas

Abstract

The paper features some aspects of providing information security and business continuity to public administration by means of an integrated computer-aided management system OSCAD. The system is based on international standards ISO/IEC 270001 and BS 25999 (ISO 22301). First, the significance of information security and business continuity issues in public administration was presented along with a short introduction to the applied standards. Then the possibilities of the OSCAD system were discussed together with the examples how the system can solve the problems encountered by public administration.

Authors and Affiliations

Andrzej Białas

Abstract

The paper features a comprehensive approach to risk management worked out during the ValueSec project (EU 7th Framework Programme). The motivation for research was presented, along with the course of the research, achieved project results and validation results. The methodology of risk management and a supporting tool were developed as a result of the project. They help decision makers to make complex strategic decisions about security measures. These complex decision-related problems were the reason to launch the research. The elaborated methodology is based on three pillars: assessment of the considered security measure ability to reduce risk, costs and benefits analysis with respect to the security measure application, and analysis of legal, social, cultural, and other restrictions that might impair or even destroy the efficiency of the functioning measures. In the project these restrictions are called qualitative criteria. The main added value of the ValueSec project is the elaboration of a special software module to analyse impacts of qualitative criteria on the considered measure. Based on the methodology, a ValueSec Toolset prototype was developed. The prototype was then validated in the following application domains: mass event, railway transport security, airport and air transport security, protection against flood, and protection of smart grids against cyber-attacks.

Authors and Affiliations

Andrzej Białas
