S-Port: Collaborative security management of Port Information systems

Port Information and Communication Technology (PICT) systems offer a series of critical services rendering their effective security management an issue of vital importance. Existing regulation, standardization, and risk management methodologies do not adequately address the cyber threats the dependent environment of PICT systems is exposed to. In the SPort project, we identified and addressed these needs by proposing a collaborative environment offering customized security management services targeted at the unique needs of port authorities. The success of S-Port has been deployed in three commercial ports, so as to assist them in self managing security and risks. In this paper, we present the main objectives and core functionalities of S-Port environment, as well as the overall results of its assessment.

[1]  Diomidis Spinellis,et al.  Evaluating certificate status information mechanisms , 2000, CCS.

[2]  J. Fuller,et al.  An Integrated Framework for Assessing and Mitigating Risks to Maritime Critical Infrastructure , 2007, 2007 IEEE Conference on Technologies for Homeland Security.

[3]  Nineta Polemi,et al.  Impact Assessment Through Collaborative Asset Modeling: The STORM-RM Approach , 2013 .

[4]  Theodoros Ntouskas,et al.  STORM - Collaborative Security Management Environment , 2011, WISTP.

[5]  Myong H. Kang,et al.  Overview of the security architecture of the Comprehensive Maritime Awareness system , 2009, MILCOM 2009 - 2009 IEEE Military Communications Conference.

[6]  Χριστόφορος Γ. Μπίσιας International ship and port facility security code: εφαρμογή και αντίκτυπος στην ναυτιλία , 2003 .

[7]  Gaynor Pickavance,et al.  Risk management standards , 2010 .

[8]  Panayiotis Kotzanikolaou,et al.  Cascading Effects of Common-Cause Failures in Critical Infrastructures , 2013, Critical Infrastructure Protection.

[9]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[10]  A. Renda,et al.  Protecting Critical Infrastructure in the EU , 2010 .

[11]  Peter Fettke,et al.  Business Process Modeling Notation , 2008, Wirtschaftsinf..

[12]  Nineta Polemi,et al.  S-PORT: "A Secure, Collaborative Environment for the Security Management of Port Information Systems" , 2010, 2010 Fifth International Conference on Internet and Web Applications and Services.

[13]  Nineta Polemi,et al.  Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case , 2012, SEC.

[14]  Nineta Polemi,et al.  Collaborative Security Management Services for Port Information Systems , 2012, DCNET/ICE-B/OPTICS.

[15]  Dimitris Gritzalis,et al.  Common Body of Knowledge for Information Security , 2007, IEEE Security & Privacy.

[16]  Thomas L. Saaty,et al.  DECISION MAKING WITH THE ANALYTIC HIERARCHY PROCESS , 2008 .

[17]  Lin Ning Security Management of the Information System , 2005 .

[18]  Panayiotis Kotzanikolaou,et al.  Risk assessment methodology for interdependent critical infrastructures , 2011 .

[19]  Nineta Polemi,et al.  Trusted collaborative services for the IT security management of SMEs/mEs , 2012, Int. J. Electron. Secur. Digit. Forensics.

[20]  Dimitris Gritzalis,et al.  Securing Transportation-Critical Infrastructures: Trends and Perspectives , 2011, ICGS3/e-Democracy.

[21]  Nineta Polemi,et al.  A Collaborative System Offering Security Management Services for SMEs/mEs , 2011, ICGS3/e-Democracy.

[22]  Roberto Setola,et al.  Critical infrastructure dependency assessment using the input-output inoperability model , 2009, Int. J. Crit. Infrastructure Prot..

[23]  Panayiotis Kotzanikolaou,et al.  Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects , 2011, CRITIS.

[24]  Friedrich Leisch,et al.  Quick, Simple and Reliable: Forced Binary Survey Questions , 2011 .

[25]  Jean-François Balmat,et al.  MAritime RISk Assessment (MARISA), a fuzzy approach to define an individual ship risk factor , 2009 .

[26]  Christopher J. Alberts,et al.  OCTAVE Method Implementation Guide Version 2.0. Volume 1: Introduction , 2001 .

[27]  Nineta Polemi,et al.  STORM-RM: a collaborative and multicriteria risk management methodology , 2012 .

[28]  Manuel Suter,et al.  An inventory of 25 national and 7 international , 2008 .