The work aims at carrying out a literature survey to identify the key methods and approaches for the protection of critical infrastructure through risk governance. The literature review should focus on identifying vulnerability assessment methods and security assessment methods. Further, identifying dependency chains is important to develop effective infrastructure protection mechanisms. Multiple approaches rely on identifying relevant risks and developing scenario based strategies to protect the infrastructure. The work aims at carrying a literature review for the different approaches of risk governance for critical infrastructure and available tools.
The review should focus on presenting a critical perspective that identifies weaknesses and strengths for each method. Depending on the candidates interest, an example of a risk identification method for critical infrastructures can be implemented using user friendly existing tools (Excel). Identification of important attributes in the approaches reviewed is a useful step that could make it easy to convert the method to a graph based or a hierarchy vulnerability assessment support tool.
Attention should be given to a set of important critical infrastructure that can be selected from the following: power plants, water networks, dams, key governmental offices, nuclear facilities, cyber / information and critical infrastructure. The American presidential directive lists 16 types of critical infrastructure that are important to protect and strengthen to maintain a secure running infrastructure.
Developing a list of relevant concepts can help in summarising the key areas of attention. The candidate can be supported to produce a conceptual / knowledge graph with the core concepts. This can include the attributes relevant to vulnerabilities, risks, dependencies, consequences and assets.