Method and an apparatus for assessing a security of a component and a corresponding system
Abstract
In a method and an apparatus for assessing the security of components, in particular components involved in safety-critical infrastructures, the assessment of the security of a safety-critical component comprises assessing the risks of the respective component and deriving security measures for the component. Further, a level of implementation is assessed for each standardized security measure, as defined by a standard and/or requirement document for the component, and the resilience of the component against attacks directed to the component is evaluated by performing test attacks against the component. These test attacks are arranged by use of test cases defined by use of risk assessing results and by use of implementation level assessing results for each standardized security measure. Thus, improved assessing of the security of components is enabled, which can be used, e.g., for insurance of the security of safety-critical components and infrastructures.
19 Claims
1. A method for assessing a security of a component, said method comprising the steps of:
- assessing risks of said component and deriving security measures for said component;
- assessing a level of implementation for each security measure, which is defined by at least one of a standard and a requirement document for said component; and
- evaluating a resilience of said component against attacks directed to said component by performing test attacks against said component, said test attacks being arranged by use of test cases and by use of implementation level assessing results.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product comprising a computer readable medium storing computer executable program code which when executed on a computer performs the steps of:
- assessing risks of said component and deriving security measures for said component;
- assessing a level of implementation for each security measure, which is defined by at least one of a standard and a requirement document for said component; and
- evaluating a resilience of said component against attacks directed to said component by performing test attacks against said component, said test attacks being arranged by use of test cases and by use of implementation level assessing results.
Dependent claims: 10
11. A system operable to assess a security of a component, comprising:
- a risk assessment module, said risk assessment module being configured for assessing of risks of said component and deriving of security measures for said component;
- a first assessment module, said first assessment module being configured for assessing a level of implementation for each security measure, which is defined by at least one of a standard and a requirement document for said component; and
- a second assessment module, said second assessment module being configured for evaluating a resilience of said component against attacks directed to said component by performing test attacks against said component, said test attacks being arranged by use of test cases and by use of implementation level assessing results.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. An apparatus for assessing a security of a component within an infrastructure, said apparatus comprising:
- means for assessing risks of said component and deriving security measures for said component;
- means for assessing of a level of implementation for each security measure, which is defined by a standard and/or requirement document for said component; and
- means for evaluating a resilience of said component against attacks directed to said component by performing test attacks against said component, said test attacks being arranged by use of test cases and by use of implementation level assessing results.
Specification