Risk management for critical infrastructure protection (CIP) challenges, best practices & tools

Abstract

Risk management (RM) has become increasingly important in dealing with information and IT security over the past several years. This article aims at discussing the major challenges facing critical infrastructure protection (CIP) RM, and outlines several methods and best practice guidelines that can be used to cope with it, including: creating a RM framework and RM measurement criteria; usage of advanced risk analysis (RA) methods, and adoption of CIP models that can be used for RA; and development and implementation of RM tools. Use of RM tools can play a major role in this process, as it can raise the efficiency of RM activities, and decrease reliance on any individual RA specialist's knowledge. The contribution of such tools is even greater, when dealing with critical infrastructures; as it is very difficult for a single specialist to cope with the diversity and complexity of CIP risk assessment.