200 Fault Tree Representation and Analysis: Human Factors, Cyber Security, and Assurance Levels (PSAM-0478)
-
Published:2006
Download citation file:
This paper applies a standard system engineering tool used in human reliability analysis (HRA) known as fault tree analysis to human performance characterization as part of the cyber security process. More specifically, it extends the fault tree analysis approach for assessing the human performance contribution to security, risk, and vulnerability issues in process control. Fault tree analysis is useful because it supports quantitative risk analysis and risk management, two areas of growing importance to the U.S. Department of Homeland Security. The authors are convinced that a human factors fault tree analysis can be used to help determine, characterize, and quantify important aspects of risk and vulnerability analysis across infrastructures. Based on the application, fault tree analysis can be applied to different levels of detail to easily obtain finer or coarser granularity. This paper introduces the concept of human factors cyber fault trees (HFCFTs); establishes the basis for using human factors input as part of the security assurance and risk analysis process, and integrates this information with security assurance level (SAL) concepts.