Abstract
Critical Information Infrastructure has become a priority for all levels of management. It is one of the key components of efficient business and business continuity plans. There is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. CIIP-RAM is a new security risk analysis method that copes with the shift from computer/information security to critical information infrastructure protection. This type of methodology is the next step toward handling information technology security risk at all levels, from upper management information security down to firewall configurations. The paper presents the methodology of the new techniques and their application to critical information infrastructure protection. The associated advantages of this methodology are also discussed.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this paper
Cite this paper
Busuttil, T.B., Warren, M.J. (2004). CIIP-RAM- A Security Risk Analysis Methodology for Critical Information Infrastructure Protection. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Information Security Management, Education and Privacy. IFIP International Federation for Information Processing, vol 148. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8145-6_3
DOI: https://doi.org/10.1007/1-4020-8145-6_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8144-6
Online ISBN: 978-1-4020-8145-3
eBook Packages: Springer Book Archive