Gnanasekaran, Vahiny and Fatima, Urooj and Glas, Magdalena and Heegaard, Poul Einar (2025) A Model-Based Framework for Developing Security-Safety Incident Response Plans. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 24 (6): 229. ISSN 1615-5262, 1615-5270
Full text not available from this repository. (Request a copy)Abstract
Cyberattacks are increasingly affecting the safe operation of critical infrastructure (e.g., energy, manufacturing) and potentially endangering production, people, equipment, and the environment. A cyber-incident with physical consequences requires personnel responsible for aggregating log information, analyzing root cause (i.e., cybersecurity), and ensuring the production and safe operation of safety-critical systems (i.e., safety) to collaborate. For this, they must understand their own and each other's roles in the incident response process, as well as when and how to interact with different roles. To address this problem, this paper proposes a framework that utilizes a model-based approach to illustrate the critical roles and their interactions within a security-safety incident response plan. To demonstrate its applicability, the framework was applied in a qualitative study within the Norwegian oil and gas industry, involving two companies. This research sheds light on the relevance of applying a model-based approach to developing security and safety incident response plans for organizations. It investigates the relevance of using two modeling languages: a general-purpose software systems modeling language, the Unified Modeling Language (UML), and an enterprise process workflow modeling language, the Business Process Modeling Notation (BPMN), for visualizing the security-safety incident response plan. The findings indicate that the modeling languages are suitable and relevant for understanding and discussing the collaboration and coordination of different personnel's roles during security-safety incident response. The distinct diagrams highlight various aspects, including roles, transmitted information, tasks, and the sequence of tasks. Future work should consider how the diagrams can be applied during the training and learning of the incident response plans.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | Modeling language; Incident response; Critical infrastructure; Roles; Cyber security; Safety |
| Subjects: | 000 Computer science, information & general works > 004 Computer science 300 Social sciences > 330 Economics |
| Divisions: | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) Informatics and Data Science > Department Information Systems > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Depositing User: | Dr. Gernot Deinzer |
| Date Deposited: | 17 Jun 2026 05:10 |
| Last Modified: | 17 Jun 2026 05:10 |
| URI: | https://pred.uni-regensburg.de/id/eprint/66875 |
Actions (login required)
![]() |
View Item |

