Premium
Cyber security vulnerability analysis: An asset‐based approach
Author(s) -
Baybutt Paul
Publication year - 2003
Publication title -
process safety progress
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.378
H-Index - 40
eISSN - 1547-5913
pISSN - 1066-8527
DOI - 10.1002/prs.680220408
Subject(s) - computer security , vulnerability (computing) , asset (computer security) , harm , cyber threats , process (computing) , security analysis , risk analysis (engineering) , computer science , vulnerability assessment , business , political science , law , psychology , psychological resilience , psychotherapist , operating system
This paper describes a method for identifying and analyzing threats and vulnerabilities of process plants to cyber system attacks by terrorists, saboteurs, and other criminals, and provides an example of its use. The approach considers how cyber assets can be exploited by assailants to cause harm. It defines threat events by pairing threats with cyber assets, and considers vulnerabilities to attack, existing countermeasures, and the need for new or improved countermeasures. Previous security vulnerability analysis (SVA) methods have focused on physical and personnel security. Cyber security has not been explicitly addressed. Studies using the method described can be performed as adjuncts to existing SVAs, as part of future SVAs, or as stand‐alone cyber SVAs (CSVA). The method can also be used to consider all types of security issues in a single analysis, including physical, personnel, information and cyber security, or to study any of these areas individually.