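% Repository export record for the CyberICPS 2021 workshop paper on using IRIS and CAIRIS to support STPA.
% The export had an empty citation key and no comma between the author and editor fields; both are repaired.
% The key is constructed from the first author, the year and the first title word.
% The venue text is unchanged but now sits in booktitle, the field this entry type requires.
% The doi field holds the bare identifier; the escaped underscore is kept only inside the free-text note.
% NOTE(review): the last keyword ("Human-compu") is cut off in the export; complete it from the repository record.
% NOTE(review): the note field mixes repository workflow text with the publisher's set statement, and most styles print it verbatim.
@inproceedings{altaf2022integrated,
  author            = {Altaf, Amna and Faily, Shamal and Dogan, Huseyin and Thron, Eylem and Mylonas, Alexios},
  editor            = {Katsikas, Sokratis and Lambrinoudakis, Costas and Cuppens, Nora and Mylopoulos, John and Kalloniatis, Christos and Meng, Weizhi and Furnell, Steven and Pallas, Frank and Pohle, J{\"o}rg and Sasse, M. Angela and Abie, Habtamu and Ranise, Silvio and Verderame, Luca and Cambiaso, Enrico and Maestre Vidal, Jorge and Monge, Marco Antonio Sotelo},
  title             = {Integrated design framework for facilitating systems-theoretic process analysis},
  booktitle         = {7th Workshop on the security of industrial control systems and of cyber-physical systems ({CyberICPS} 2021), co-located with the 26th European symposium on research in computer security ({ESORICS} 2021)},
  pages             = {58--73},
  publisher         = {Springer},
  year              = {2022},
  isbn              = {9783030954833},
  doi               = {10.1007/978-3-030-95484-0_4},
  url               = {https://rgu-repository.worktribe.com/output/1456206},
  keyword           = {Systems-theoretic process analysis (STPA), Integrating requirements and information security (IRIS), Computer-aided integration of requirements and information security (CAIRIS), Critical infrastructure, Safety, Systems security, Rail industry, Human-compu},
  publicationstatus = {Published},
  abstract          = {Systems-Theoretic Process Analysis (STPA) helps mitigate identified safety hazards leading to unfortunate situations. Usually, a systematic step-by-step approach is followed by safety experts irrespective of any software based tool-support, but identified hazards should be associated with security risks and human factors issues. In this paper, a design framework using Integrating Requirements and Information Security (IRIS) and open source Computer Aided Integration of Requirements and Information Security (CAIRIS) tool-support is used to facilitate the application of STPA. Our design framework lays the foundation for resolving safety, security and human factors issues for critical infrastructures. We have illustrated this approach with a case study based on real life Cambrian Coast Line Railway incident.},
  note              = {INFO COMPLETE (Now published checked and updated 10/3/2022 LM; notified by contact; not yet published 17.12.2021 GB) PERMISSION GRANTED (version = AAM ; embargo = 12 months ; licence = publisher's own ; https://www.springer.com/gp/computer-science/lncs/editor-guidelines-for-springer-proceedings 17.12.2021 GB) DOCUMENT READY (rec'd AAM from contact 17.12.2021 GB) ADDITIONAL INFO: Shamal Faily Set Statement: (This version of the contribution has been accepted for publication after peer review, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record will be available online at: https://link.springer.com/10.1007/978-3-030-95484-0\_4. Use of this Accepted Version is subject to the publisher's Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms.)},
}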