Information technology network security risk assessment and management framework for shipping companies

Shipping companies are high-vulnerability information handling organizations (HIHOs). In the past, such companies used exclusively HIHO private communication networks and own satellite resources in order to share and transport sensitive information. In recent years, the ability for the HIHO network users to exploit the advantages of the low-vulnerability information handling organizations’ (LIHOs) value added networks, has led to the need for augmentation of the HIHO networks. In the maritime sector, a push-and-pull effect on the need and demand to transfer information onboard and ashore has led many companies to experiment with interconnected HIHO and LIHO open distributed systems and networks, for their ship-to-shore communications. Security then becomes an issue in a domain, onboard--ashore data transmissions, where little information on the level of risk is available. This paper proposes a risk assessment and management framework to assist in countermeasure selection and level of LIHO network use definition. The model is ultimately applicable where information on potential risks and their impact is minimum and simultaneously changeable. The model is connected to a security profile for interconnected HIHO and LIHO open distributed systems and networks.