Article: A process-based dependency risk analysis methodology for critical infrastructures Journal: International Journal of Critical Infrastructures (IJCIS) 2017 Vol.13 No.2/3 pp.184 - 205 Abstract: This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an analysis that includes multiple CI operators in the same supply chain to explore the dependencies between their assets and explore how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyse and identify critical dependency chains and it can reveal underestimated risks due to dependencies. Inderscience Publishers - linking academia, business and industry through research

Title: A process-based dependency risk analysis methodology for critical infrastructures

Authors: George Stergiopoulos; Vasilis Kouktzoglou; Marianthi Theocharidou; Dimitris Gritzalis

Addresses: Department of Informatics, Athens University of Economics and Business, 76 Patission Ave., GR-10434, Athens, Greece ' Department of Informatics, Athens University of Economics and Business, 76 Patission Ave., GR-10434, Athens, Greece ' European Commission, Joint Research Centre (JRC), Directorate E. via E. Fermi, 2749, I-21027, Ispra (VA), Italy ' Department of Informatics, Athens University of Economics and Business, 76 Patission Ave., GR-10434, Athens, Greece

Abstract: This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an analysis that includes multiple CI operators in the same supply chain to explore the dependencies between their assets and explore how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyse and identify critical dependency chains and it can reveal underestimated risks due to dependencies.

Keywords: risk assessment; business process; asset; dependency; cascading failures; risk chains; likelihood; impact; critical infrastructure.

DOI: 10.1504/IJCIS.2017.088231

International Journal of Critical Infrastructures, 2017 Vol.13 No.2/3, pp.184 - 205

Received: 29 Nov 2016
Accepted: 11 Apr 2017
Published online: 30 Nov 2017 *

Title: A process-based dependency risk analysis methodology for critical infrastructures

Keep up-to-date