Duncan Ki-Aries
Assessing system of systems information security risk with OASoSIS.
Ki-Aries, Duncan; Faily, Shamal; Dogan, Huseyin; Williams, Christopher
Authors
Shamal Faily
Huseyin Dogan
Christopher Williams
Abstract
The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicate a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work.
Citation
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2022. Assessing system of systems information security risk with OASoSIS. Computers and security [online], 117, article 102690. Available from: https://doi.org/10.1016/j.cose.2022.102690
Journal Article Type | Article |
---|---|
Acceptance Date | Mar 9, 2022 |
Online Publication Date | Mar 21, 2022 |
Publication Date | Jun 30, 2022 |
Deposit Date | Mar 14, 2022 |
Publicly Available Date | Mar 22, 2023 |
Journal | Computers and security |
Print ISSN | 0167-4048 |
Electronic ISSN | 1872-6208 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 117 |
Article Number | 102690 |
DOI | https://doi.org/10.1016/j.cose.2022.102690 |
Keywords | System of systems; Information security; Risk; Human factors; Requirements engineering; CAIRIS |
Public URL | https://rgu-repository.worktribe.com/output/1616148 |
Files
KI-ARIES 2022 Assessing system of systems (VOR)
(4.5 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
Copyright Statement
©2022 The Authors. Published by Elsevier Ltd.