By Topic

What does the Assurance Case Approach deliver for Critical Information Infrastructure Protection in cybersecurity?

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $31
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Goodger, A.C. ; Dept. of Eng., Univ. of Cambridge, Cambridge, UK ; Caldwell, N.H.M. ; Knowles, J.T.

This paper describes how the Assurance Case Approach (ACA) was applied for Cyber Security and Critical National Infrastructure resilience, using for a single asset an individual Assurance Case (AC), and for system-of-systems clustering a `Mesh' case concept. Despite its common use in the Safety domain, the ACA concept had not been applied to a dynamic situation. It allowed for Cases to be clustered using a `Mesh' Case to summarise a particular ecosystem/environment. This ACA is defined using basic elements of an assurance case ie Claim, argument and evidence - often associated with a legal analogy. Using the case study research method [27], the main methodology as stated in the paper combined the organisational learning cycle [1] with the 6-step based process based on a GSN [16] and CAE [2] notational hybrid for the construction of an argument structure. This was implemented with a CII asset, and further pilotted to demonstrate the ACA for other CII nodes [13]. The clustering using the `Mesh' cases closely aligns with Interdependency Analysis for the UK interconnected system-of-systems. Further work is required to expand the `Mesh' case principle for the 21st century information-centric ecosystem to provide a continual resilience work process framework, which eventually must include real-time inputs.

Published in:

System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on

Date of Conference:

15-18 Oct. 2012