Improving Cyber Security Risk Assessment by Combined Use of i* and Infrastructure Models

In an ever more connected and software controlled world, managing cyber security risks has become critical. Most industrial domains have grown a cyber security risk evaluation process combining its two risk factors (1) the impact on business domain assets and (2) the feasibility of threats at infrastructure level. Many available methods and tools to conduct such analysis rely on a rather bottom-up approach, anchored at the infrastructure level with only coarse grained links with the business domain. This paper explores the benefits of a more balanced approach combining a precise modelling of the business level using i* strategic rationale model, of the technical level using an infrastructure model and of the way the infrastructure layer supports the business layer. We show better reasoning and automation to conduct and update cyber security risks analysis. We implemented our approach on the EBIOS ISO27005 compliant methodology using the open source piStar and IriusRisk community toolset. We discuss our results on a water utility case in the light of related work.

website