Methodology for Experimental ICT Industrial and Critical Infrastructure Security Tests [chapter]

Igor Nai Fovino, Marcelo Masera
2008 Lecture Notes in Computer Science  
The security assessment of the ICT components of critical infrastructures is nowadays a prominent problem. Risk assessment methodologies require, in order to be effective, to be fed with data regarding the functioning and the behavior of the system under analysis, the potential vulnerabilities, the results and the effects of the possible cyber-attacks etc. Unfortunately the availability of security data coming from the field is scarce, mainly due to business confidentiality reasons. Therefore,
more » ... here is an urgent need for alternative data sources. The solution is to conduct security experiments, with off-line systems or in laboratories with realistic emulation of the target systems. In this paper we present a methodology that defines, step by step, how to conduct, in a systematic and rigorous way, experimental ICT security tests. 2009 International Conference on Availability, Reliability and Security 978-0-7695-3564-7/09 $25.00
doi:10.1007/978-3-540-89900-6_28 fatcat:bcolmjainndvxe6ovy6mmqw2cm