
Security Risk Assessment Challenges in Port Information Technology Systems

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 441))

Abstract

Port Information Technology Systems are of critical importance for the uninterrupted and effective operation of commercial ports. However, as this paper shows, the current safety and security approaches have several weaknesses and are not thoroughly harmonized with the demanding global collaborative environment in which ports now operate. An analysis of the major current risk assessment methodologies shows that they identify risks by expending resources (time, manpower, cost); these procedures are time- and resource-consuming, and their results depend not only on the specific characteristics of the entity analyzed but also on whether the methodology takes a quantitative or a qualitative approach. This paper concludes that current risk assessment methodologies demand significant parameterization and suggests the development of a new, less complex approach that sufficiently covers the identified weaknesses.



Author information

Corresponding author: Georgios Makrodimitris.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Makrodimitris, G., Polemi, N., Douligeris, C. (2014). Security Risk Assessment Challenges in Port Information Technology Systems. In: Sideridis, A., Kardasiadou, Z., Yialouris, C., Zorkadis, V. (eds) E-Democracy, Security, Privacy and Trust in a Digital World. e-Democracy 2013. Communications in Computer and Information Science, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-319-11710-2_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11709-6

  • Online ISBN: 978-3-319-11710-2

  • eBook Packages: Computer Science (R0)