Tytuł artykułu
Wybrane pełne teksty z tego czasopisma
Identyfikatory
DOI
Warianty tytułu
Konferencja
Federated Conference on Computer Science and Information Systems (14 ; 01-04.09.2019 ; Leipzig, Germany)
Języki publikacji
Abstrakty
The Measuring Instruments Directive sets down essential requirements for measuring instruments subject to legal control in the EU. It dictates that a risk assessment must be performed before such instruments are put on the market. Because of the increasing importance of software in measuring instruments, a specifically tailored software risk assessment method has been previously developed and published. Related research has been done on graphical representation of threats by attack probability trees. The final stage is to formalize the method to prove its reproducibility and resilience against the complexity of future instruments. To this end, an inter-institutional comparison of the method is currently being conducted across national metrology institutes, while the weighing equipment manufacturers' association CECIP has provided a new measuring instrument concept, as a significant example of complex instruments. Based on the results of the comparison, a template to formalize the software risk assessment method is proposed here.
Słowa kluczowe
Rocznik
Tom
Strony
443--447
Opis fizyczny
Bibliogr. 6 poz., wykr., tab., rys.
Twórcy
autor
- Physikalisch-Technische Bundesanstalt, Abbestraße 2-12, 10587 Berlin, Germany
autor
- Physikalisch-Technische Bundesanstalt, Abbestraße 2-12, 10587 Berlin, Germany
autor
- Federal Institute of Metrology METAS, Lindenweg 50, 3003 Bern-Wabern, Switzerland
Bibliografia
- 1. “Directive 2014/32/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of measuring instruments,” European Union, Council of the European Union ; European Parliament, Directive, February 2014.
- 2. M. Esche and F. Thiel, “Software risk assessment for measuring instruments in legal metrology,” in Proceedings of the Federated Conference on Computer Science and Information Systems, Lodz, Poland, September 2015. http://dx.doi.org/http://dx.doi.org/10.15439/978-83-60810-66-8 pp. 1113–1123.
- 3. “ISO/IEC 18045:2008 Common Methodology for Information Technology Security Evaluation,” International Organization for Standardization, Geneva, CH, Standard, September 2008, Version 3.1 Revision 4.
- 4. “ETSI TS 102 165-1 Telecommunications and Internet converged Services and Protocols for Advanced Networking; Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis,” European Telecommunications Standards Institute, Sophia Antipolis Cedex, FR, Standard, March 2011, v4.2.3.
- 5. “ISO/IEC 27005:2011(e) Information technology - Security techniques - Information security risk management,” International Organization for Standardization, Geneva, CH, Standard, June 2011.
- 6. M. Esche, F. Grasso Toro, and F. Thiel, “Representation of attacker motivation in software risk assessment using attack probability trees,” in Proceedings of the Federated Conference on Computer Science and Information Systems, Prague, Czech Republic, September 2017. http://dx.doi.org/http://dx.doi.org/10.15439/2017F112 pp. 763–771.
Uwagi
1. Track 3: Network Systems and Applications
2. Technical Session: Advances in Network Systems and Applications
3. Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-35a790b2-6dd6-45ab-afc3-21f1f6a51136