Abstract
Security in the airline industry receives heightened attention due to an increase of diverse attacks, many being driven by information technology. Ongoing research does not take into account the sociotechnical nature of security in critical domains such as airline turnaround systems. To cut time and costs, the latter comprises several companies for ticket- and luggage management, maintenance checks, cleaning, passenger transportation, re-fueling, and so on. The airline industry has adopted extensively information technology for assuring an incoming airplane is in a state to take off again as quickly as possible. Increasingly, this leads to the emergence of a virtual enterprise that uses information technologies to seamlessly integrate respective airline-turnaround processes into one composition. The resulting sociotechnical security risk management issues are not well understood and require diligent investigation. This paper fills the gap with an evaluation about the application of a security risk management method to identify critical business- and information-technology assets for a deeper risk mitigation analysis. The results of this paper yield insights about the utility of existing security risk management approach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
Annex of Weighing-systems.com, describing deficiencies of aircrafts as a result of too much weight, http://tinyurl.com/7kborcf.
References
US Department of Transportation: Aircraft weight and balance handbook (2007). http://tiny.cc/m7xkcy
NATA Safety 1st eToolkit (2015). http://tiny.cc/5nzkcy
Anton, V.U., Eduardo, B.F.: An extensible pattern-based library, taxonomy of security threats for distributed systems. Secur. Inf. Syst. Adv. New Challenges 36, 734–747 (2014)
Bartelt, C., Rausch, A., Rehfeldt, K.: Quo vadis cyber-physical systems: research areas of cyber-physical ecosystems: a position paper. In: Proceedings of the 1st International Workshop on Control Theory for Software Engineering, CTSE 2015, pp. 22–25. ACM, New York (2015)
Belobaba, P., Odoni, A., Barnhart, C.: The global airline industry. Wiley, Chichester (2015)
Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A systematic approach to define the domain of information system security risk management. In: Nurcan, S., Salinesi, C., Souveyet, C., Ralyté, J. (eds.) Intentional Perspectives on Information Systems Engineering, pp. 289–306. Springer, Heidelberg (2010)
Kutvonen, L., Norta, A., Ruohomaa, S.: Inter-enterprise business transaction management in open service ecosystems. In: 2012 IEEE 16th International on Enterprise Distributed Object Computing Conference (EDOC), pp. 31–40. IEEE (2012)
Leonardi, M., Piracci, E., Galati, G.: Ads-b vulnerability to low cost jammers: risk assessment and possible solutions. In: 2014 Tyrrhenian International Workshop on Digital Communications-Enhanced Surveillance of Aircraft and Vehicles (TIWDC/ESAV), pp. 41–46. IEEE (2014)
Long, S.: Socioanalytic Methods: Discovering the Hidden in Organisations and Social Systems. Karnac Books, London (2013)
Maiden, Neil Arthur McDougall, Ncube, Cornelius, Lockerbie, James: Inventing Requirements: Experiences with an Airport Operations System. In: Rolland, Colette (ed.) REFSQ 2008. LNCS, vol. 5025, pp. 58–72. Springer, Heidelberg (2008)
Massacci, F., Paci, F., Tedeschi, A.: Assessing a requirements evolution approach: empirical studies in the air traffic management domain. J. Syst. Soft. 95, 70–88 (2014)
Mayer, N.: Model-based management of information system security risk. Ph.D. thesis. University of Namur (2009)
Business Process Model. Notation (bpmn) version 2.0. Object Management Group specification (2011). http://www.bpmn.org
Nõukas, R.: Service brokering environment for an airline, (Master Thesis). Tallinn University of Technology (2015)
Norta, Alex: Creation of Smart-Contracting Collaborations for Decentralized Autonomous Organizations. In: Matulevičius, Raimundas, Dumas, Marlon (eds.) BIR 2015. LNBIP, vol. 229, pp. 3–17. Springer, Heidelberg (2015)
Norta, A., Grefen, P., Narendra, N.C.: A reference architecture for managing dynamic inter-organizational business processes. Data Knowl. Eng. 91, 52–89 (2014)
Norta, A., Ma, L., Duan, Y., Rull, A., Kõlvart, M., Taveter, K.: eContractual choreography-language properties towards cross-organizational business collaboration. J. Internet Serv. Appl. 6(1), 1–23 (2015)
Samarütel, S., Matulevičius, R., Norta, A., Nõukas, R. In: Horkoff, J., Jeusfeld, M., Persson, A. (eds.) The Practice of Enterprise Modeling. LNBIP, vol. 267, 1st edn. Springer, Heidelberg (2016)
Sampigethaya, K., Poovendran, R.: Aviation cyber-physical systems: foundations for future aircraft and air transport. Proc. IEEE 101(8), 1834–1855 (2013)
Shim, W., Massacci, F., Tedeschi, A., Pollini, A.: A relative cost-benefit approach for evaluating alternative airport security policies. In: 2014 Ninth International Conference on Availability, Reliability and Security (ARES), pp. 514–522. IEEE (2014)
van Solingen, R., Basili, V., Caldiera, G., Rombach, H.D.: Goal Question Metric (GQM) Approach. Wiley, New York (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Matulevičius, R., Norta, A., Udokwu, C., Nõukas, R. (2016). Security Risk Management in the Aviation Turnaround Sector. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2016. Lecture Notes in Computer Science(), vol 10018. Springer, Cham. https://doi.org/10.1007/978-3-319-48057-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-48057-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48056-5
Online ISBN: 978-3-319-48057-2
eBook Packages: Computer ScienceComputer Science (R0)