Comprehensive Approach to Security Risk Management in Critical Infrastructures and Supply Chains

Information & Security: An International Journal, Volume 29, Issue 1, p.69-76 (2013)


Comprehensive security, Critical Infrastructure Protection, DRA, DRM, dynamic risk assessment, risk management, supply chain protection.


The ability to assess and therefore react to risk exposure in critical infrastructure and supply chain environments greatly contributes to reaching suitable protection levels and response mechanisms. Due to the unavoidable interdependencies among those infrastructures, which allow disruptions to spread from one to another and likely cause a great impact on society’s welfare state, risk management might be seen as a common and shared concern. The Comprehensive Risk Management approach tries to address this process by gathering information from a broad range of disciplines (physical and logical security, safety, environmental threats, etc.) while taking into account interdependencies of critical infrastructures and supply chains at different layers, going from the critical infrastructure operators’ point of view to sectoral, national and finally supranational levels. Besides, risk assessment and management processes rely on accurate and timely information to assist decision making, but this information (security holes, attacks or even disruptions suffered by an infrastructure or supply chain), due to its sensitivity, does not easily flow between involved or interested parties. This paper provides an analysis of this situation and suggests future fields of action, supported by conclusions drawn from the FOCUS project.