Organizational Security Architecture for Critical Infrastructure

The governance of critical infrastructures requires a fail-safe dedicated security management organization. This organization must provide the structure and mechanisms necessary for supporting the business processes execution, including: decision-making support and the alignment of this latter with the application functions and the network components. Most research in this field focuses on elaborating the SCADA system which embraces components for data acquisition, alert correlation and policy instantiation. At the application layer, one of the most exploited approaches for supporting SCADA is built up on multi-agent system technology. Notwithstanding the extent of existing work, no model allows to represent these systems in an integrated manner and to consider different layers of the organization. Therefore, we propose an innovative version of ArchiMate® for multi-agent purpose with the objective to enrich the agent society collaboration and, more particularly, the description of the agent´s behavior. Our work is has been illustrated in the context of a critical infrastructure in the field of a financial acquiring/issuing mechanism for card payments.