Risk analysis and risk management in critical infrastructures

Μοτάκη, Κατερίνα; Motaki, Katerina

dc.contributor.advisor	Λαμπρινουδάκης, Κωνσταντίνος
dc.contributor.author	Μοτάκη, Κατερίνα
dc.contributor.author	Motaki, Katerina	en
dc.date.accessioned	2017-07-03T10:50:06Z
dc.date.available	2017-07-03T10:50:06Z
dc.date.issued	2016-12
dc.identifier.uri	https://dione.lib.unipi.gr/xmlui/handle/unipi/9741
dc.format.extent	227	el
dc.language.iso	en	el
dc.publisher	Πανεπιστήμιο Πειραιώς	el
dc.rights	Attribution-NonCommercial-NoDerivatives 4.0 Διεθνές	*
dc.rights.uri	http://creativecommons.org/licenses/by-nc-nd/4.0/	*
dc.title	Risk analysis and risk management in critical infrastructures	el
dc.type	Master Thesis	el
dc.contributor.department	Σχολή Τεχνολογιών Πληροφορικής και Επικοινωνιών. Τμήμα Ψηφιακών Συστημάτων	el
dc.description.abstractEN	Cyber Physical Systems (CPS) are evolutionary development of embedded systems, into interconnected systems, taking advantage of network technologies to enhance systems’ functionality and efficiency. They are considered as Systems of systems. They are used in different industrial sectors and Critical Infrastructures (CI), energy sector, extensively applied in Smart Grids, water supply systems and hazardous environments. They provide effective system management and enhanced accuracy. However, they inherit both vulnerabilities of IP technology and physical systems and they are characterized by increased risk due to complexity, nature and their critical importance. During design phase, but also periodically during CPS lifetime, Risk Analysis (RA) is conducted in order to achieve and maintain a high security level. Such a security level is achieved by utilizing effective countermeasures or through adaptation in accordance to specific conditions, system changes and new threat discovery. RA aims at identifying what can go wrong, its causes, relevant probabilities, assets affected, consequences, estimate risks and set priorities for the protection of valuable assets, while setting guidelines for proper policies and countermeasures’ selection. Risk assessment involves the integration of threat, vulnerability, and consequence information. Risk management (RM) involves deciding which protective measures to take, based on an agreed risk reduction strategy. Many models/methodologies have been developed by which threats, vulnerabilities, and risks are integrated and then used to inform the allocation of resources to reduce those risks. The current thesis presents a survey of RA and RM methods and methodologies applied in CPS domain. Some have already been widely applied, trusted and accepted, while some theoretical propositions are presented too. Most of existing techniques have not been developed with CPS characteristics in mind, though they are considered suitable or suggested for such usage. A set of criteria is developed for RA and RM methodologies comparison and evaluation. Advantages and disadvantages of each one are presented. Furthermore, an overall comparative presentation is attempted and general conclusions are made. Moreover, some frameworks and standards are presented in order to provide an overview of some of the most common conceptualizations of Risk. More specifically, RA and RM methodologies will be evaluated in order to decide which one is more suitable for Critical Infrastructures. Current thesis presents methods advantages and disadvantages and evaluates them against a detailed set of comparison and evaluation criteria. In conclusion estimation about appropriateness for appliance in CPS environment is made, while in parallel specifications for relevant methodologies development, fulfilling special requirements is set. Criteria used not only apply to traditional RA methodologies stages like asset, threat and vulnerability identification but are oriented to requirements arising from CPS character and consider special CPS characteristics like dependencies, robustness, resilience and criticality. Finally, in the conclusion of the thesis a comparison between two methodologies of risk management take place. More specifically, these methodologies will be examined in a general hospital use case. The point in this comparison is to decide which one is the most appropriate for Critical Infrastructures, such as a hospital.	el
dc.contributor.master	Τεχνοοικονομική Διοίκηση και Ασφάλεια Ψηφιακών Συστημάτων	el
dc.subject.keyword	Hospitals	el
dc.subject.keyword	Risk analysis	el
dc.subject.keyword	Risk management	el
dc.subject.keyword	Cyber Physical Systems (CPS)	el

Αρχεία σε αυτό το τεκμήριο

Name:: Motaki_Katerina.pdf
Μέγεθος:: 5.285Mb
Τύπος:: PDF
Description:: Μεταπτυχιακή διατριβή

Προβολή/Άνοιγμα

Αυτό το τεκμήριο εμφανίζεται στις ακόλουθες συλλογές

Τμήμα Ψηφιακών Συστημάτων
Department of Digital Systems

Εμφάνιση απλής εγγραφής

Attribution-NonCommercial-NoDerivatives 4.0 Διεθνές

Εκτός από όπου διευκρινίζεται διαφορετικά, το τεκμήριο διανέμεται με την ακόλουθη άδεια:
Attribution-NonCommercial-NoDerivatives 4.0 Διεθνές