CYSM: An Innovative Physical/Cyber Security Management System for Ports

  • Spyridon Papastergiou
  • Nineta Polemi
  • Athanasios Karantjias
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


The goal of this paper is to describe the main results of a European research project, CYSM (the authors serve as technical managers of the CYSM project), which addresses the security and safety requirements of commercial ports’ Critical Information Infrastructures (CII). It introduces an integrated security management system for port operators that enables asset modelling, risk analysis, anticipation and management of attacks, and collaboration among stakeholders. The proposed system helps ports identify, assess and treat their security and safety problems in an efficient, harmonized and unified manner.


Keywords: Security, Safety, Port’s risk assessment



The authors are grateful to the E.C. Programme “Prevention, Preparedness and Consequence Management of Terrorism and other Security related Risks for the Period 2007-2013” for its support in funding the CYSM and MEDUSA projects. The authors also thank all CYSM partners (Port Institute for Studies and Co-Operation in the Valencian Region – FEPORTS, Singular Logic, Electrical, Electronics and Telecommunication Engineering and Naval Architecture Department (DITEN) - University of Genoa (UNIGE), University of Piraeus Research Centre, Piraeus Port Authority (PPA), Fundacion Valencia Port (VPF)) and MEDUSA partners (University of Piraeus Research Centre, Singular Logic, University of Cyprus (UCY), EUROPHAR EEIG, Austrian Institute of Technology) for their contributions.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Informatics, University of Piraeus, Piraeus, Greece
  2. Information Management Department, SingularLogic S.A., Nea Ionia, Athens, Greece
