Abstract
Assurance cases have been developed to reason and communicate about the trustworthiness of systems. Recently we have also been using them to support the development of policy and to assess the impact of security issues on safety regulation. In the example we present in this paper, we worked with a safety regulator (anonymised as A Regulatory Organisation (ARO) in this paper) to investigate the impact of cyber-security on safety regulation.
Acknowledgments
This work has been partially supported by the UK EPSRC project “Communicating and Evaluating Cyber Risk and Dependencies” (CEDRICS, EP/M002802/1), which is part of the UK Research Institute in Trustworthy Industrial Control Systems (RiTICS).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Bloomfield, R., Bishop, P., Butler, E., Netkachova, K. (2017). Using an Assurance Case Framework to Develop Security Strategy and Policies. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_3
DOI: https://doi.org/10.1007/978-3-319-66284-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66283-1
Online ISBN: 978-3-319-66284-8
eBook Packages: Computer Science (R0)