Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST)

Tomoko Kaneko, Nobukazu Yoshioka, Ryoichi Sasaki

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, 'AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,' and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.

Original languageEnglish
Title of host publicationProceedings - 2021 21st International Conference on Software Quality, Reliability and Security Companion, QRS-C 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages806-815
Number of pages10
ISBN (Electronic)9781665478366
DOIs
Publication statusPublished - 2021
Event21st International Conference on Software Quality, Reliability and Security Companion, QRS-C 2021 - Virtual, Hainan, China
Duration: 2021 Dec 62021 Dec 10

Publication series

NameProceedings - 2021 21st International Conference on Software Quality, Reliability and Security Companion, QRS-C 2021

Conference

Conference21st International Conference on Software Quality, Reliability and Security Companion, QRS-C 2021
Country/TerritoryChina
CityVirtual, Hainan
Period21/12/621/12/10

Keywords

  • Accident Analysis
  • CAST
  • Security Incident
  • STAMP
  • STAMP S&S
  • System Theory

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST)'. Together they form a unique fingerprint.

Cite this