Abstract
Commercial ports are large scale infrastructures which their Information and Telecommunication (PIT) systems offer critical services and host sensitive data. However the current maritime legislation or standardization efforts do not sufficiently cover the IT security of the commercial ports. Identifying these needs we propose a collaborative environment offering security management services including a targeted risk management methodology which will help commercial ports to self manage their security.
Chapter PDF
Similar content being viewed by others
Keywords
References
AS/NZS 4360: Risk management standards australia. Strathfield (1999)
Brunner, E., Suter, M.: International CIIP Handbook 2008/2009: An Inventory of 25 National and 7 International Critical Infrastructure Protection Policies. Center for Security Studies, ETH Zurich, Switzerland (2008)
ENISA: workshop on cyber security aspects in the maritime sector (2011), http://www.enisa.europa.eu/act/res/workshops-1/2011/cyber-security-aspects-in-the-maritime-sector
ISO/IEC 27001: Information technology - security techniques - information security management system - requirements (2005), http://www.iso.org
ISO/IEC 27002: Information technology - security techniques - code of practice for information security management (2005), http://www.iso.org
ISO/IEC 27005: Information technology - security techniques - information security risk management (2008), http://www.iso.org
Karantjias, A., Polemi, N.: An innovative platform architecture for complex secure e/m government services. Int. J. Electronic Security and Digital Forensics (IJESDF) 2, 338–354 (2009)
National Institute for Standards and Technology: Risk management guide for information technology systems. NIST Special Publication 800-30, http://csrc.nist.gov/publications/PubsSPs.html (accessed October 15, 2011)
North American Reliability Corporation (NERC), http://www.nerc.com (accessed December 7, 2011)
Ntouskas, T., Papanikas, D., Polemi, N.: A collaborative system offering security management services for SMEs/mEs. In: Bashroush, R., et al. (eds.) 7th IEEE International Conference in Global Security, Safety and Sustainability (ICGS3 2011). Springer, Thessaloniki (August 2011) (to appear)
Ntouskas, T., Papanikas, D., Polemi, N.: Trusted collaborative services for the IT security management of SMEs/mEs. Int. J. Electronic Security and Digital Forensics (IJESDF) (to appear)
Ntouskas, T., Pentafronimos, G., Papastergiou, S.: STORM - Collaborative Security Management Environment. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 320–335. Springer, Heidelberg (2011)
Ntouskas, T., Kotzanikolaou, P., Polemi, N.: Impact Assessment through Collaborative Asset Modeling: The STORM-RM approach. In: 1st International Symposium & 10th Balkan Conference on Operational Research, Thessaloniki, Greece (to appear)
Ntouskas, T., Polemi, N.: A secure, collaborative environment for the security management of port information systems. In: Proceedings of the Fifth International Conference on the Internet and Web Applications and Services, ICIW 2010, pp. 374–379. IEEE Computer Society Digital Library, Barcelona (2010)
Ntouskas, T., Polemi, N.: Collaborative security management services for port information systems. In: International Conference on e-Business, ICE-B 2012, Rome, Italy (submitted, 2012)
Ntouskas, T., Polemi, N.: STORM-RM: A collaborative and multicriteria risk management methodology. Int. J. Multicriteria Decision Making (IJMCDM) (to appear)
Pentafronimos, G., Karantjias, A., Polemi, N.: Odysseus: An advanced, colla-borative and trusted framework for the provision of migration services. In: Proceedings of the Fifth International Conference on the Internet and Web Applications and Services, ICIW 2010, pp. 531–537. IEEE Computer Society Digital Library, Barcelona (2010)
Polemi, N.: Security management of the ports’ information systems. ENISA Personal study (to appear)
S-PORT Deliverable 1.2: State of the art and user requirements in the Port Information and Telecommunication (PIT) Systems Security, http://s-port.unipi.gr/
S-PORT Deliverable 1.4: Port Information and Telecommunication (PIT) Systems Security requirements-A targeted PIT-risk assessment methodology, http://s-port.unipi.gr/
S-PORT Project: A secure, collaborative environment for the security management of Port Information Systems, http://s-port.unipi.gr/
Saaty, T.L.: Decision making with the analytic hierarchy process. Int. J. Service Sciences 1, 83–98 (2008)
Theoharidou, M., Kandias, M., Gritzalis, D.: Securing transportation-critical infrastructures: Trends and perspectives. In: Bashroush, R., et al. (eds.) 7th IEEE International Conference in Global Security, Safety and Sustainability (ICGS3 2011). Springer, Thessaloniki (August 2011) (to appear)
Transportation Security Administration: Critical infrastructure and key resources sector-specifc plan as input to the national infrastructure protection plan. Dept. of Homeland Security, USA (2007)
US Dept. of Homeland Security: National Infrastructure Protection Plan (2009), http://www.dhs.gov/ (accessed December 2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Polemi, N., Ntouskas, T. (2012). Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_50
Download citation
DOI: https://doi.org/10.1007/978-3-642-30436-1_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer ScienceComputer Science (R0)