Risk Assessment tool analysis for Industrial Automation and Control Systems

= Background and Motivation = The security risk assessment is the the process of identifying risks to operations, assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Security requirements are different in the Industrial Automation and Control Systems (IACS) compared to the conventional IT systems. One of the greatest challenges in improving cybersecurity practices for Industrial Automation and Control Systems is that many of the practices and techniques used for general purpose IT systems are not be applicable for industrial use. In a typical IT system, data confidentiality and integrity are typically the primary concerns. For an IACS, human safety and fault tolerance to prevent loss of life or endangerment of public health or confidence, regulatory compliance, loss of equipment, loss of intellectual property, or lost or damaged products are the primary concerns. The personnel responsible for operating, securing, and maintaining IACS must understand the important link between safety and security. Security threat landscape for IACS is continuously evolving as today’s IACS is moving from stand-alone isolated network towards connected network. Instead of proprietary protocols, IACS is increasingly adapting open and common standards and protocols. As the security for Industrial Automation and Control systems demand different requirements and approaches, traditional risk assessment methodologies may need more investigations before they are being applied in the areas of IACS. Specific International standards have also been proposed targeting the areas of IACS.

This page provides hints on what to include in your master thesis.

= TOC = Title page, abstract, ...
 * 1. Introduction, containing: short intro into the area, what is happening
 * 1.1 Motivation, containing: what triggered me to write about what I'm writing about
 * 1.2 Methods, containing: which methods are you using, how do you apply them


 * 2. Scenario, optional chapter for explaining some use cases
 * 2.1 user scenario, (bad name, needs something bedre)
 * 2.2 Requirements/Technological challenges


 * 3. State-of-the art/Analysis of technology, structure your content after hardware/SW (or other domains). Describe which technologies might be used to answer the challenges, and how they can answer the challenges
 * 3.1 technology A
 * 3.2 technology B


 * 4. Implementation
 * 4.1 Architecture, functionality
 * 4.2


 * 5. Evaluation
 * 6. Conclusions
 * References

= Comments =

Red line
Your thesis should have a "red line", which is visible throughout the whole thesis. This means you should mention in the beginning of each chapter how the chapter contributes to the "goals of the thesis".

Use of scientific methods
A thesis follows a standard method:
 * describe the problem (problemstilling)
 * extract the challenges. These challenges should be measurable, e.g. method is too slow to be useful to voice handover.
 * Analyse technology with respect to challenges. Don't write & repeat "everything" from a certain technology, concentrate on those parts (e.g. protocols) which are of importance for your problem

References
 * Wikipedia is good to use to get an overview on what is happening. But there is not scientific verification of Wikipedia, thus you should use wikipedia only in the introduction of a chapter (if you use text from wikipedia). Use scientific literature for your thesis.
 * Scientific library is "at your hand", you can get there directly from UiO: How to get access to IEEE, Springer and other scientific literature -> Unik/UiOLibrary
 * I suggest that references to web pages, e.g. OASIS, W3C standards, are given in a footnote. Only if you find white papers or other .pdf documents on a web page then you refer to them in the reference section.

Evaluation of own work
Perform an evaluation of your own work. Revisit the challenges and discuss in how you fulfilled them. Provide alternative solution and discuss what should be done (or what could have been done).