Assessing system of systems information security risk with OASoSIS

Authors: Ki-Aries, D., Faily, S., Dogan, H. and Williams, C.

Journal: Computers and Security

Volume: 117

ISSN: 0167-4048

DOI: 10.1016/j.cose.2022.102690

Abstract:

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicates a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work.

http://eprints.bournemouth.ac.uk/37004/

Source: Scopus

Assessing system of systems information security risk with OASoSIS

Authors: Ki-Aries, D., Faily, S., Dogan, H. and Williams, C.

Journal: COMPUTERS & SECURITY

Volume: 117

eISSN: 1872-6208

ISSN: 0167-4048

DOI: 10.1016/j.cose.2022.102690

http://eprints.bournemouth.ac.uk/37004/

Source: Web of Science (Lite)

Assessing system of systems information security risk with OASoSIS

Authors: Ki-Aries, D., Faily, S., Dogan, H. and Williams, C.

Journal: Computers and Security

Volume: 117

Issue: June

ISSN: 0167-4048

Abstract:

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicates a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work.

http://eprints.bournemouth.ac.uk/37004/

Source: BURO EPrints