Experimentation tool for critical infrastructures risk management

The paper concerns a risk assessment and management methodology in critical infrastructures. The research objective is to adapt a ready-made risk manager, supporting information security- and business continuity management systems, to a new domain of application - critical infrastructure protection. First, a review of security issues in critical infrastructures was performed, with special focus on risk management. On this basis the assumptions were discussed how to adapt the OSCAD risk manager designed for the information security/business continuity applications. According to these assumptions, the OSCAD risk manager was adapted to its new domain of application, i.e. critical infrastructures. The aim of this work is to assess the usefulness of such a solution and to elaborate requirements for the advanced critical infrastructure risk manager to be developed from scratch.