TRANSCRIPT
www.improverproject.eu @improverproject
2ND IMPROVER / ERNCIP WORKSHOP
IMPROVED RISK EVALUATION AND IMPLEMENTATION OF RESILIENCE CONCEPTS TO CRITICAL INFRASTRUCTURE
David Lange, [email protected]
Assessment of critical infrastructure resilience
§ There are several national definitions of CI resilience in Europe
§ There is no EU definition of the term
§ Most official European documents refer to societal resilience
  § e.g. EU Strategy for Supporting Disaster Risk Reduction in Developing Countries
§ Relatively small body of work focussing on implementation of resilience to infrastructure:
  § Argonne laboratories RMI
  § AIIC Guidelines for critical infrastructure resilience evaluation
  § Hollnagel's Resilience Assessment Grid
§ All rely on a summation of different levels of indicators
Analysing resilience (1)
§ Guidelines for critical infrastructures resilience evaluation (AIIC)
§ Benchmark Resilience Tool (Resilient Organisations)
Analysing resilience (2)
§ Resilience Measurement Index and Infrastructure Survey Tool (Argonne)
Measuring resilience (3)
§ Resilience Assessment Grid
Critical Infrastructure Resilience Index (IMPROVER)
§ Level 1 – the crisis management cycle
§ Level 2 – generic indicators
§ Level 3 – given, measurable indicators
  § Technological
  § Organisational
  § …
§ Level 4 – Sector/application specific, measurable indicators
[Figure: CIRI indicator hierarchy]
§ The context (Domain, Hazard, Situation)
§ Level 1 (A B C D E F G): Given
§ Level 2 (B1, B2, … Bn): Given, A/NA, Additions possible
§ Level 3 (B1.1, B1.2, … B1.m): Mainly given, A/NA, Weighted, Additions possible
§ Level 4 (X1.2.a, X1.2.b, … X1.2.l): Specific indicators
§ Transformation of specific indicator metrics to process maturity levels
§ CIRI: Accumulated resilience index
§ Cobit
  1. Non-existing
  2. Initial/ad-hoc
  3. Repeatable but intuitive
  4. Defined process
  5. Managed and measurable
  6. Optimised
§ Measured/Calculated
Discussion
§ The intended use of these methodologies varies significantly
  § Comparison against similar infrastructures or organisations
  § Measuring the resilience of a single asset
  § Monitoring resilience over time
§ Radar charts
§ Maturity scales
IMPROVER Framework
§ We propose a general framework for resilience assessment of CI, which remains compatible with the current guidelines for the MS
§ Integrates the paradigm of resilience into the RA process according to ISO 31000
§ Consists of three levels, namely the
  § (a) asset (focus on individual CI assets),
  § (b) system (focus on dependencies between CI assets) and
  § (c) national or regional (focus on societal aspects) levels
§ Outputs risk and resilience treatment plans on both an asset and a system level
§ Flexible – neither domain nor analysis methodology dependent
The successful implementation of the concept of resilience to CI relies on its successful integration in existing security activities, including the risk assessments at a CI operator, a system and a national (or regional) level.
Definitions
§ Starting from definitions used in ISO 31000 for RA we map these to resilience:
  § Resilience analysis is the process to comprehend and to determine the level of resilience, based on selected resilience indicators
  § Resilience evaluation is the process of comparing the results of resilience analysis with criteria or objectives to determine whether resilience level is acceptable and identify areas for improvement
  § Resilience assessment is the overall process of resilience analysis and evaluation
  § Resilience treatment is the process to modify resilience, focusing on the absorptive, adaptive or restorative capacity
  § Resilience management comprises coordinated activities to direct and control an organisation with regard to its resilience, including the above processes
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 653390
David Lange, [email protected]