Collaboration in security assessments for critical infrastructures

Abstract

Security assessments for IT systems in critical infrastructures involve many different stakeholders. Only the combination of their knowledge can produce a comprehensive view of the system structure and of the vulnerabilities and threats to the system. In order to enable all stakeholders to update the assessment information on a regular basis, the collaboration process needs methodological and technical support. We formalize this process with regard to the ESSAM assessment method and introduce a central knowledge base that facilitates the intra-organizational collaboration between development teams for different systems.