Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure
Staalduinen, van, Mark Adrian
Faculty of Applied Economics
Reliability engineering and system safety. - Barking
, p. 23-34
This article proposes a quantitative security risk assessment methodology that can assist management in the decision-making process where and when to protect critical assets of a chemical facility. An improvement upon previous work is the approach of conducting concurrent Threat and Vulnerability Assessments, as opposed to a sequential approach. Furthermore, this method introduces a Bow Tie risk model mapped into a Bayesian Network model that allows for various logical relaxation assumptions to be applied. Different uncertainty relaxation approaches such as Noisy-OR and Leaky Noisy-OR and Noisy-AND are tested to improve Threat and Vulnerability likelihood. Finally, integrating threat/vulnerability likelihood with potential losses, the security risk is quantified. The potential security countermeasures are characterized into either decreasing vulnerability or decreasing threat likelihood and are reassessed considering a cost analysis. A theoretical case study is conducted to exemplify the execution and application of the proposed method.