The Experts below are selected from a list of 79632 Experts worldwide ranked by ideXlab platform
François Masse - One of the best experts on this subject based on the ideXlab platform.
-
a safety security Risk analysis approach of industrial control systems
Computers & Security, 2018Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A new approach that considers cyber security within industrial Risk analysis using a cyber bow-tie analysis
2017Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are assessed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis, with a new extended version of Attack Tree Analysis (ATA), introduced for security analysis of industrial control systems. The combined use of BT and AT provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
Towards a better industrial Risk analysis : A new approach that combines cyber security within safety
2017Co-Authors: Houssein Abdo, Jean-marie Flaus, Mohamad Kaouk, François MasseAbstract:The introduction of digital technology in industries creates new security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during safety analysis becomes an important part for effective Risk evaluation. However, nowadays, safety and security are assessed separately where they should not be. This is because a security threat can lead to the same dangerous phenomena as a safety accidental cause. In this paper, a new method that considers safety and security for probability evaluation during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis and the Attack Tree Analysis (ATA), recently introduced for security analysis of computer control systems.The combined use of BT and AT provides an exhaustive qualitative investigation of security and safety Scenarios, and a qualitative evaluation of the likelihood of these Scenarios. The definition of BT and AT combined, and the mathematical formulas for likelihood quantification are presented. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
Hafez Abdo - One of the best experts on this subject based on the ideXlab platform.
-
a safety security Risk analysis approach of industrial control systems
Computers & Security, 2018Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A new approach that considers cyber security within industrial Risk analysis using a cyber bow-tie analysis
2017Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are assessed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis, with a new extended version of Attack Tree Analysis (ATA), introduced for security analysis of industrial control systems. The combined use of BT and AT provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A safety/security Risk analysis approach of industrial control systems: a cyber bowtie - combining new version of attack tree with bowtie analysis
Computers & Security, 2017Co-Authors: Hafez Abdo, Miguel Kaouk Ng, Jean-marie Flaus, Fabien MasséAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
Jean-marie Flaus - One of the best experts on this subject based on the ideXlab platform.
-
a safety security Risk analysis approach of industrial control systems
Computers & Security, 2018Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A new approach that considers cyber security within industrial Risk analysis using a cyber bow-tie analysis
2017Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are assessed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis, with a new extended version of Attack Tree Analysis (ATA), introduced for security analysis of industrial control systems. The combined use of BT and AT provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A safety/security Risk analysis approach of industrial control systems: a cyber bowtie - combining new version of attack tree with bowtie analysis
Computers & Security, 2017Co-Authors: Hafez Abdo, Miguel Kaouk Ng, Jean-marie Flaus, Fabien MasséAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
Towards a better industrial Risk analysis : A new approach that combines cyber security within safety
2017Co-Authors: Houssein Abdo, Jean-marie Flaus, Mohamad Kaouk, François MasseAbstract:The introduction of digital technology in industries creates new security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during safety analysis becomes an important part for effective Risk evaluation. However, nowadays, safety and security are assessed separately where they should not be. This is because a security threat can lead to the same dangerous phenomena as a safety accidental cause. In this paper, a new method that considers safety and security for probability evaluation during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis and the Attack Tree Analysis (ATA), recently introduced for security analysis of computer control systems.The combined use of BT and AT provides an exhaustive qualitative investigation of security and safety Scenarios, and a qualitative evaluation of the likelihood of these Scenarios. The definition of BT and AT combined, and the mathematical formulas for likelihood quantification are presented. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
Mohamad Kaouk - One of the best experts on this subject based on the ideXlab platform.
-
a safety security Risk analysis approach of industrial control systems
Computers & Security, 2018Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
A new approach that considers cyber security within industrial Risk analysis using a cyber bow-tie analysis
2017Co-Authors: Hafez Abdo, Mohamad Kaouk, Jean-marie Flaus, François MasseAbstract:The introduction of connected systems and digital technology in process industries creates new cyber-security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during Risk analysis becomes an important part for effective industrial Risk evaluation. However, nowadays, safety and security are assessed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis, with a new extended version of Attack Tree Analysis (ATA), introduced for security analysis of industrial control systems. The combined use of BT and AT provides an exhaustive representation of Risk Scenarios in terms of safety and security. We then propose an approach for evaluating the Risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
-
Towards a better industrial Risk analysis : A new approach that combines cyber security within safety
2017Co-Authors: Houssein Abdo, Jean-marie Flaus, Mohamad Kaouk, François MasseAbstract:The introduction of digital technology in industries creates new security threats that can lead to undesirable safety accidents. Thus, analyzing these threats during safety analysis becomes an important part for effective Risk evaluation. However, nowadays, safety and security are assessed separately where they should not be. This is because a security threat can lead to the same dangerous phenomena as a safety accidental cause. In this paper, a new method that considers safety and security for probability evaluation during industrial Risk analysis is proposed. This approach combines Bow-Tie Analysis (BTA), commonly used for safety analysis and the Attack Tree Analysis (ATA), recently introduced for security analysis of computer control systems.The combined use of BT and AT provides an exhaustive qualitative investigation of security and safety Scenarios, and a qualitative evaluation of the likelihood of these Scenarios. The definition of BT and AT combined, and the mathematical formulas for likelihood quantification are presented. The application of this approach is demonstrated using the case study of a Risk Scenario in a chemical facility.
Heiko A Von Der Gracht - One of the best experts on this subject based on the ideXlab platform.
-
a delphi based Risk analysis identifying and assessing future challenges for supply chain security in a multi stakeholder environment
Technological Forecasting and Social Change, 2013Co-Authors: Christoph Markmann, Ingalena Darkow, Heiko A Von Der GrachtAbstract:Identifying and assessing the potential impact and likelihood of future events, which might evolve into Risks, are a prerequisite to identify future security challenges. In particular, Risks associated with global supply chains are special since they involve a multitude of international stakeholders with different perspectives on security needs and measures. Therefore, it is essential to determine which techniques and instruments are best suited for Risk assessment in complex and multi-organizational environments. The Delphi expert survey technique has proven to be a valuable instrument for long-term decision making support as well as foresight, and has a potential value for Risk assessment. We contribute to this research strand and conduct a Delphi-based Risk analysis. Our research concentrates on man-made Risks in global supply chains which are particularly uncertain in terms of type, location, and affected supply chain partners and can therefore be classified as inherently “wicked” issues, i.e. issues that are multidimensional with often unpleasant outcomes. We illustrate that Delphi research makes a fivefold contribution to Risk analysis by: (1) identifying and quantifying Risks; (2) analyzing stakeholder perceptions and worldviews; (3) stimulating a global communication process; (4) identifying weak signals, outlier opinions, and wildcards; (5) and facilitating Risk Scenario development.
