Abstract
Scientists have been long investigating procedures, models and tools for the risk analysis in several domains, from economics to computer networks. This paper presents a quantitative method and a tool for the security risk assessment and management specifically tailored to the context of railway transportation systems, which are exposed to threats ranging from vandalism to terrorism. The method is based on a reference mathematical model and it is supported by a specifically developed tool. The tool allows for the management of data, including attributes of attack scenarios and effectiveness of protection mechanisms, and the computation of results, including risk and cost/benefit indices. The main focus is on the design of physical protection systems, but the analysis can be extended to logical threats as well. The cost/benefit analysis allows for the evaluation of the return on investment, which is a nowadays important issue to be addressed by risk analysts.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Asis International: General Security Risk Assessment Guideline (2008), http://www.asisonline.org/guidelines/guidelinesgsra.pdf
Broder, J.F.: Risk Analysis and the Security Survey. Butterworth-Heinemann (2006)
Garcia, M.L.: Vulnerability Assessment of Physical Protection Systems. Butterworth-Heinemann (2005)
Lewis, T.G.: Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation. John Wiley, Chichester (2006)
Meritt, J.W.: A Method for Quantitative Risk Analysis (2008), http://csrc.nist.gov/nissc/1999/proceeding/papers/p28.pdf
Moteff, J.: Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences. CRS Report for Congress, The Library of Congress (2004)
Nicol, D.M., Sanders, W.H., Trivedi, K.S.: Model-based evaluation: from dependability to security. IEEE Transactions on Dependable and Secure Computing 1(1), 48–65 (2004)
SANDIA National Laboratories: A Risk Assessment Methodology for Physical Security. White Paper (2008), http://www.sandia.gov/ram/RAM%20White%20Paper.pdf
Srinivasan, K.: Transportation Network Vulnerability Assessment: A Quantative Framework. Southeastern Transportation Center - Issues in Transportation Security (2008)
U.S. Department of Transportation: The Public Transportation Security & Emergency Preparedness Planning Guide. Federal Transit Administration, Final Report (2003)
U.S. Department of Transportation: Transit Security Design Considerations. Federal Transit Administration, Final Report (2004)
Wilson, J.M., Jackson, B.A., Eisman, M., Steinberg, P., Riley, K.J.: Securing America’s Passenger-Rail Systems. Rand Corporation (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Flammini, F., Gaglione, A., Mazzocca, N., Pragliola, C. (2009). Quantitative Security Risk Assessment and Management for Railway Transportation Infrastructures. In: Setola, R., Geretshuber, S. (eds) Critical Information Infrastructure Security. CRITIS 2008. Lecture Notes in Computer Science, vol 5508. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03552-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-03552-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03551-7
Online ISBN: 978-3-642-03552-4
eBook Packages: Computer ScienceComputer Science (R0)