This paper presents and discusses an approach for evaluating and selecting methods for risk and vulnerability assessments, covering both accidental events and security issues. The approach provides guidance on the selection of one specific, suitable method for various types of decision situations, reflecting different levels of potential consequences and associated uncertainties. The evaluation addresses the various stages of the risk assessment process, covering planning, execution, and use of the risk and vulnerability analyses. An example from information and communication technology (ICT) is used to illustrate the method.
WienckeH. S.AvenT.HagenJ.A framework for selection of methodology for risk and vulnerability assessments of infrastructures depending on ICT. In Proceedings of ESREL 2006 Estoril, Portugal, 2006, pp. 2297–2304
2.
GarrickB. J.Confronting the risks of terrorism: Making the right decisions. Reliability Engng Syst. Saf., 2004, 86, 129–176
3.
AmatayakulM.Security risk analysis and management: An overview (AHIMA Practice Brief). J. AHIMA, 2003, 74(9), 72A-G
4.
DondossolaG.LamquetO.MaseraM.Emerging standards and methodological issues for the security analysis of power system information infrastructures. In Proceedings of Securing Critical Infrastructures, (CRIS 2004), Grenoble, October 2004
FallaM.Advances in safety critical systems. Results and achievements from the TI/EPSRC R&D programme in safety critical systems, June 1997, available from http://www.comp.lancs.ac.uk/computing/scs
8.
GheorgeA. V.MaseraM.WeijnenM.VriesL. D.Critical infrastructures at risk, 2006 (Springer Verlag, Dordrecht)
ISO/IEC Guide 73 Risk management vocabulary, 2002 (International Organization for Standardization, Geneva)
11.
AvenT.A unified framework for risk and vulnerability analysis and management covering both safety and security. Reliability Engng Syst. Saf., 2007, 92, 745–754
