Scheduled System Maintenance:
Some services will be unavailable Sunday, March 29th through Monday, March 30th. We apologize for the inconvenience.
By Topic

What does the Assurance Case Approach deliver for Critical Information Infrastructure Protection in cybersecurity?

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
3 Author(s)
Goodger, A.C. ; Dept. of Eng., Univ. of Cambridge, Cambridge, UK ; Caldwell, N.H.M. ; Knowles, J.T.

This paper describes how the Assurance Case Approach (ACA) was applied for Cyber Security and Critical National Infrastructure resilience, using for a single asset an individual Assurance Case (AC), and for system-of-systems clustering a `Mesh' case concept. Despite its common use in the Safety domain, the ACA concept had not been applied to a dynamic situation. It allowed for Cases to be clustered using a `Mesh' Case to summarise a particular ecosystem/environment. This ACA is defined using basic elements of an assurance case ie Claim, argument and evidence - often associated with a legal analogy. Using the case study research method [27], the main methodology as stated in the paper combined the organisational learning cycle [1] with the 6-step based process based on a GSN [16] and CAE [2] notational hybrid for the construction of an argument structure. This was implemented with a CII asset, and further pilotted to demonstrate the ACA for other CII nodes [13]. The clustering using the `Mesh' cases closely aligns with Interdependency Analysis for the UK interconnected system-of-systems. Further work is required to expand the `Mesh' case principle for the 21st century information-centric ecosystem to provide a continual resilience work process framework, which eventually must include real-time inputs.

Published in:

System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on

Date of Conference:

15-18 Oct. 2012