Title: Comprehensive Approach to Security Risk Management in Critical Infrastructures and Supply Chains
Authors: David López, Oscar Pastor
Year: 2013
Volume: 29
Pages: 69-76
Keywords: Comprehensive security; Critical Infrastructure Protection; DRA; DRM; dynamic risk assessment; risk management; supply chain protection

Abstract:

The ability to assess, and therefore react to, risk exposure in critical infrastructure and supply chain environments greatly contributes to reaching suitable protection levels and response mechanisms. Because of the unavoidable interdependencies among those infrastructures, which allow disruptions to spread from one to another and are likely to have a great impact on society's welfare state, risk management might be seen as a common and shared concern. The Comprehensive Risk Management approach tries to address this process by gathering information from a broad range of disciplines (physical and logical security, safety, environmental threats, etc.) while taking into account the interdependencies of critical infrastructures and supply chains at different layers, from the point of view of critical infrastructure operators to sectoral, national and finally supranational levels. In addition, risk assessment and management processes rely on accurate and timely information to assist decision making, but this information (security holes, attacks or even disruptions suffered by an infrastructure or supply chain), because of its sensitivity, does not flow easily between involved or interested parties. This paper provides an analysis of this situation and suggests future fields of action, supported by conclusions drawn from the FOCUS project.