Search results for: SECURITY REQUIREMENTS
-
Security Requirements and Controls for Incident Information Sharing in the Polish Power System
Publication: Among the strategies of protecting information assets of the power system, sharing of information about current cybersecurity incidents between energy operators appears to be a prerequisite. Exchange of information leads to the effective detection of attacks and exploited vulnerabilities as well as the identification of countermeasures. This paper presents the results of continuation of our works on developing a secure and efficient...
-
Symposium on Requirements Engineering for Information Security
Conferences
-
Security-oriented agile approach with AgileSafe and OWASP ASVS
Publication: In this paper we demonstrate a security enhancing approach based on a method called AgileSafe that can be adapted to support the introduction of OWASP ASVS compliant practices focused on improving security level to the agile software development process. We also present results of the survey evaluating selected agile inspired security practices that can be incorporated into an agile process. Based on the survey’s results, these...
-
Towards systemic functional safety and security management in hazardous plants
Publication: The aim of this article is to identify and discuss some issues related to functional safety and security management in hazardous industrial plants. The safety functions are to be realised using the electric / electronic / programmable electronic systems (E/E/PESs) or the safety instrumented systems (SISs) that are designed and operated respectively according to IEC 61508 and IEC 61511 requirements in life cycle. Although the role...
-
Adapting Agile Practices to Security Context – Practitioners’ Perspective
Publication: In this paper we explore the problem of introducing agile practices to projects dealing with systems with high security requirements. We also propose an approach based on AgileSafe method and OWASP ASVS guidelines, that could support such introduction. What is more, we present the results of two surveys aimed at analyzing IT practitioners’ views on applying agile methods to security reliant systems as well as evaluating the set...
-
Determining and verifying the safety integrity level with security aspects
Publication: Safety and security aspects consist of two different groups of functional requirements for the control and protection systems. It is the reason why the analyses of safety and security shouldn't be integrated directly. The paper proposes extension of the currently used methods of functional safety analyses. It can be done with inclusion of the level of information security assigned to the technical system. The article addresses some...
-
Security ontology construction and integration
Publication: There are many different levels on which we can examine security. Each one is different from others, all of them are dependent on the context. Hence the need to bear additional knowledge enabling efficient utilization of the knowledge by the computers. Such information can be provided by ontologies. The paper presents gathered requirements needed to be taken into account when creating an ontology. The method of ontology creation...
-
Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile
Publication: The paper introduces the AgileSafe method of selecting agile practices for software development projects that are constrained by assurance requirements resulting from safety and/or security related standards. Such requirements are represented by argumentation templates which explain how the evidence collected during agile practices implementation will support the conformity with the requirements. Application of the method is demonstrated...
-
Procedure based functional safety and information security management of industrial automation and control systems on example of the oil port installations
Publication: The approach addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety and security requirements specified in standards IEC 61508, IEC 61511 and IEC 62443. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of...
-
Knowledge-based functional safety and security management in hazardous industrial plants with emphasis on human factors
Publication: Existing and emerging new hazards have significant potential to impact destructively operation of technical systems, hazardous plants, and systems / networks of critical infrastructure. The programmable control and protection systems play nowadays an important role in reducing and controlling risk in the process of hazardous plant operation. It is outlined how to deal with security related hazards concerning such systems to be...
-
Systems engineering approach to functional safety and cyber security of industrial critical installations
Publication: This chapter addresses the systems engineering approach to integrated functional safety and cybersecurity analysis and management regarding selected references, standards and requirements concerning critical installations and their industrial automation and control system (IACS). The objective is to mitigate the vulnerability of industrial installations that include the information technology (IT) and the operational technology...
-
Guaranteeing Threshold Attendance of W/WSAN nodes in a reverted security paradigm
Publication: We consider a Wireline/Wireless Sensor and Actor Network composed of sensor/actor nodes and a data sink/command center (DSCC). Each node controls a generic device that can be in- or out-of-service, corresponding to the ENABLED or DISABLED node state. The node senses the device's intention to change state, and notifies and/or requests the DSCC for authorization to act upon the device. Motivated by requirements for critical infrastructures...
-
Determining and verifying the safety integrity level of the safety instrumented systems with the uncertainty and security aspects
Publication: Safety and security aspects consist of two different groups of functional requirements for the control and protection systems. In the paper it is proposed that the security analysis results can be used as a factor increasing or decreasing the risk level. It concerns a process of determining required safety integrity level of given safety functions. The authors propose a new approach for functional safety risk analysis. In this case...
-
Organizational culture as prerequisite of proactive safety and security management in critical infrastructure systems including hazardous plants and ports
Publication: This article addresses selected aspects of organizational culture to be considered in the context of knowledge based proactive safety and security management of plants, ports and systems of critical infrastructure. It has been often emphasized in the domain literature that business effectiveness of such plants and their resilience against hazards and threats to avoid major accidents depends substantially on human and organizational...
-
Concept of Multifactor Method and Non-Functional Requirements Solution to Increase Resilience through Functional Safety with Cybersecurity Analysis
Publication: In the process of designing safety systems, an integrated approach in safety and cybersecurity analysis is necessary. The paper describes a new technique of increasing resilience through integrated analysis of functional safety and cybersecurity. It is a modeling methodology based on the combination of the multifactor method utilizing modified risk graphs, used previously for Safety Integrity Level (SIL) assessment, and the Non-Functional...
-
Standards Conformity Framework in comparison with contemporary methods supporting standards application
Publication: Achieving and assessing conformity with standards and compliance with various sets of requirements generates significant costs for contemporary economies. A great deal of this is spent on fulfilment of safety and security requirements. However, standards application is not supported sufficiently by the tools available on the market. Therefore, Standards Conformity Framework (SCF) containing methods and tools which provide support...
-
INTEGRATED FUNCTIONAL SAFETY AND CYBERSECURITY ANALYSIS METHOD FOR SMART MANUFACTURING SYSTEMS
Publication: This article addresses integrated functional safety and cybersecurity analysis with regard to: the generic functional safety standard IEC 61508 and the cyber security standard IEC 62443 concerning an industrial automation and control system (IACS). The objective is to mitigate the vulnerability of information technology (IT) and operational technology (OT) systems, and reduce relevant risks taking into account a set of fundamental...
-
Distributed measurement system with data transmission secured using XXTEA algorithm
Publication: The paper deals with wireless data transmission security in the distributed measurement and control system. An overview of cryptographic algorithms was presented paying special attention to the algorithm dedicated to units with low processing power, which is important due to minimization of energy consumption. Measurement modules equipped with simple microcontrollers send data wirelessly to the central unit. The transmission was...
-
Performance and Security Testing for Improving Quality of Distributed Applications Working in Public/Private Network Environments
Publication: The goal of this dissertation is to create an integrated testing approach to distributed applications, combining both security and performance testing methodologies, allowing computer scientists to achieve appropriate balance between security and performance characteristics from application requirements point of view. The constructed method: Multidimensional Approach to Quality Analysis (MA2QA) allows researcher to represent software...
-
A Review of Standards with Cybersecurity Requirements for Smart Grid
Publication: Assuring cybersecurity of the smart grid is indispensable for the reliable operation of this new form of the electricity network. Experts agree that standardised solutions and practices should be applied in the first place. In recent years many new standards for smart grids have been published, which paradoxically results in the difficulty of finding a relevant publication in this plethora of literature. This paper presents results...
-
Threat intelligence platform for the energy sector
Publication: In recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence that interlinks information sharing and fine-grained situation awareness. In this paper a framework which integrates all levels of threat intelligence...
-
Analysis of human behavioral patterns
Publication: Widespread usage of Internet and mobile devices entailed growing requirements concerning security which in turn brought about development of biometric methods. However, a specially designed biometric system may infer more about users than just verifying their identity. Proper analysis of users’ characteristics may also tell much about their skills, preferences, feelings. This chapter presents biometric methods applied in several...
-
A Novel Multicast Architecture of Programmable Networks
Publication: In the paper a multicast architecture for programmable networks based on separation of group management and network control tasks is proposed. Thanks to this separation, services which want to make use of multicast communications no longer have to implement low-level network functionalities and their operation is greatly simplified. Abstracting service’s view of the network into a fully connected cloud enables us to transparently...
-
Procedure based proactive functional safety management for the risk mitigation of hazardous events in the oil port installations including insurance aspects
Publication: This article addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety requirements specified in standards IEC 61508 and IEC 61511. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of safety functions. Based on risk assessment results...
-
Computer-Aided Local Energy Planning Using ALEP-PL Software
Publication: The issue of energy system planning, including the planning of local energy systems, is critical, since it affects the security of energy supplies in communities, regions, and consequently the security of energy supply within the country. Energy planning is a complex process that requires integration of different goals i.e. improvement of energy efficiency, increase in the share of renewables in the energy balance and CO2 emission...
-
Supporting Cybersecurity Compliance Assessment of Industrial Automation and Control System Components
Publication: The chapter presents a case study demonstrating how security requirements of an Industrial Automation and Control System (IACS) component can be represented in a form of Protection Profile that is based on IEC 62443 standards and how compliance assessment of such component can be supported by explicitly representing a conformity argument in a form based on the OMG SACM meta-model. It is also demonstrated how an advanced argument...
-
Comparison and Analysis of Service Selection Algorithms
Publication: In Service Oriented Architecture, applications are developed by integration of existing services in order to reduce development cost and time. The approach, however, requires algorithms that select appropriate services out of available, alternative ones. The selection process may consider both optimization requirements, such as maximization of performance, and constraint requirements, such as minimal security or maximum development...
-
E-Voting System Evaluation Based on the Council of Europe Recommendations: nVotes
Publication: E-voting implantation has been facing important challenges in recent years. Several incidents, together with a lack of evaluation methodologies social and cultural customs hinder a broader application. In this work, the authors aim to contribute to a safer introduction of e-voting tools by applying a practical evaluation framework strongly based on the security requirements issued by the Council of Europe (CoE) in 2017 to nvotes,...
-
Health monitoring services based on off-the-shelf mobile devices
Publication: Development of health monitoring systems usually involves usage of dedicated devices with provided guarantees in terms of their reliability. Those devices raise the cost of the whole system, because of which such platforms are limited only to specific areas and constrained number of users. Usage of off-the-shelf devices could lower the cost and bring those systems to the masses. The paper covers possible uses of common off-the-shelf...
-
Functional safety with cybersecurity for the control and protection systems on example of the oil port infrastructure
Publication: Safety and cybersecurity aspects consist of two different groups of functional requirements for the industrial control and protection systems in the oil port installation. It is the main reason why the analyses of safety and cybersecurity shouldn’t be integrated directly. This article presents some important issues of the functional safety analysis with regard to cybersecurity aspects in the oil seaport infrastructure. The proposed...
-
Functional safety and information protection in critical infrastructure facilities and systems - analysis and assessment
Publication: This chapter of the monograph presents highly topical issues related to the analysis of the functional safety of distributed control and protection automation systems in critical infrastructure facilities that use an industrial computer network, taking information protection issues into account. In facilities of this type, control and protection automation systems are designed as distributed systems,...
-
Towards the value-based design of on-line services
Publication: The paper identifies economic factors shaping customer behaviour in on-line services in two interrelated dimensions; (1) economic needs and requirements, relevant to expected benefits and values perceived by customers; (2) technical components, allowing technical realization of on-line services. Technical components were categorized into four groups, creating so-called VIPR model: Visual, Interactive, Process and Relationship-relevant...
-
Assembling and testing of quasi-static hybrid piezoelectric motor based on electroactive lubrication principle
Publication: The presented paper concerns a novel concept of hybrid piezoelectric motor based on electroactive lubrication principle. Its structure is combined of quasi-static and resonance piezoelectric actuators, synchronizing their work to generate the rotary movement. The hybrid motor topology is compared to the existing piezoelectric motors, regarding its field of applications in embedded systems with very high security requirements. The...
-
Towards a process based management system for oil port infrastructure in context of insurance
Publication: This article addresses selected methodological aspects of a process based management system based on analysis of hazards and threats and risk evaluation for an oil port infrastructure in context of insurance. The oil port terminal is regarded as an important system of the critical infrastructure that requires a careful system oriented approach to deal with integrated aspects of environmental, safety and security management to reduce...
-
LTE and NB-IoT Performance Estimation Based on Indicators Measured by the Radio Module
Publication: Monitoring the operating parameters of power grids is extremely important for their proper functioning as well as for ensuring the security of the entire infrastructure. As the idea of the Internet of Things becomes more ubiquitous, there are tools for monitoring the state of the complex electrical grid and means to control it. There are also developed new measuring devices and transmission technologies allowing for the transfer...
-
Functional Safety and Cybersecurity Analysis and Management in Smart Manufacturing Systems
Publication: This chapter addresses some of the issues of the integrated functional safety and cybersecurity analysis and management with regard to selected references and the functional safety standards: IEC 61508, IEC 61511, ISO 13849-1 and IEC 62061, and a cybersecurity standard IEC 62443 that concerns the industrial automation and control systems. The objective is to mitigate the vulnerability of industrial systems that include the information...
-
Real-Time Sensor-Based Human Activity Recognition for eFitness and eHealth Platforms
Publication: Human Activity Recognition (HAR) plays an important role in the automation of various tasks related to activity tracking in such areas as healthcare and eldercare (telerehabilitation, telemonitoring), security, ergonomics, entertainment (fitness, sports promotion, human–computer interaction, video games), and intelligent environments. This paper tackles the problem of real-time recognition and repetition counting of 12 types of...
-
A framework of open government data (OGD) e-service quality dimensions with future research agenda
Publication: Purpose: This research paper aims to present a framework of open government data (OGD) relating to e-service quality dimensions. In addition, it provides a research agenda for the e-service delivery of OGD. Design/methodology/approach: A literature review pertaining to e-service quality with special reference to e-government was delivered to deduce the key dimensions of e-service quality for OGD. Findings: Five e-service quality dimensions...
-
Information-driven network resilience: Research challenges and perspectives
Publication: Internet designed over 40 years ago was originally focused on host-to-host message delivery in a best-effort manner. However, introduction of new applications over the years have brought about new requirements related with throughput, scalability, mobility, security, connectivity, and availability among others. Additionally, convergence of telecommunications, media, and information technology was responsible for transformation...
-
Australian Workshop on Requirements Engineering
Conferences
-
Magdalena Szuflita-Żurawska
People: Magdalena Szuflita-Żurawska is head of the Scientific and Technical Information Section at Gdańsk University of Technology and Leader of the Open Science Competence Center at the Gdańsk University of Technology Library. Her main research interests focus on scholarly communication and open research data, as well as research motivation and productivity. She is responsible, among other things, for conducting training for staff...
-
International Workshop on Requirements Engineering Visualization
Conferences
-
IEEE International Requirements Engineering Conference
Conferences
-
Calibration of acoustic vector sensor based on MEMS microphones for DOA estimation
Publication: A procedure of calibration of a custom 3D acoustic vector sensor (AVS) for the purpose of direction of arrival (DoA) estimation, is presented and validated in the paper. AVS devices working on a p-p principle may be constructed from standard pressure sensors and a signal processing system. However, in order to ensure accurate DoA estimation, each sensor needs to be calibrated. The proposed algorithm divides the calibration process...
-
International Workshop on Comparative Evaluation in Requirements Engineering
Conferences
-
Service Oriented Computing: Consequences for Engineering Requirements
Conferences
-
Art and Healthcare - Healing Potential of Artistic Interventions in Medical Settings
Publication: The stereotype of a machine for healing seems to be well rooted in common thinking and social perception of hospital buildings. The technological aspect of healthcare architecture has been influenced for several years by three major factors. The first is linked to the necessity of providing safety and security in the environment of elevated epidemiological risk. The second concerns the need for incorporating advanced technology...
-
Klaudia Skelnik dr
People: Dr Klaudia Skelnik, Vice-Dean of the Faculty of Law and Administration, Wyższa Szkoła Bankowa w Gdańsku, doctor of social sciences in the discipline of security studies, graduate of MBA studies in security management, holder of a master's degree in political science with a specialization in political systems and local government, with postgraduate education in European Union law, education for security, and occupational health and safety, as well as a number of courses and training...
-
International Workshop on Requirements Engineering: Foundation for Software Quality
Conferences