Til hovedinnhold

Visualizing Cyber Security Risks with Bow-Tie Diagrams

Visualizing Cyber Security Risks with Bow-Tie Diagrams

Kategori
Tidsskriftspublikasjon
Sammendrag
Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on the contrary, design overly secure systems that will compromise the performance of critical operations. This paper presents a methodology for visualizing and assessing security risks by means of bow-tie diagrams, which are commonly used within safety assessments. We outline how malicious activities, random failures, security countermeasures and safety barriers can be visualized using a common graphical notation and propose a method for quantifying risks based on threat likelihood and consequence severity. The methodology is demonstrated using a case study from maritime communication. Our main conclusion is that adding security concepts to the bow-ties is a promising approach, since this is a notation that high-risk industries are already familiar with. However, their advantage as easy-to-grasp visual models should be maintained, hence complexity needs to be kept low.
Oppdragsgiver
  • Norges forskningsråd / 256508
Språk
Engelsk
Institusjon(er)
  • SINTEF IKT / Systemutvikling og sikkerhet
  • Norges teknisk-naturvitenskapelige universitet
  • SINTEF Ocean / Maritim
År
2018
Publisert i
Lecture Notes in Computer Science
ISSN
0302-9743
Forlag
Springer Verlag
Årgang
10744
Side(r)
38 - 56