Gonçalves, Duarte PSerfontein, Christian J2022-12-052022-12-052022-11Gonçalves, D.P. & Serfontein, C.J. 2022. Systemic approaches to critical infrastructure risk and security capabilities. http://hdl.handle.net/10204/12557 .http://hdl.handle.net/10204/12557This article examines current and emerging threats to infrastructure as South Africa transitions from the National Key Points Act (NKPA), Act No. 102 of 1980 to the Critical Infrastructure Protection Act (CIPA), Act No. 8 of 2019. The aim is to provide risk and security architecture frameworks that will inform regulations and the design of security measures. To do this, the notion of risk and risk appetite are used to define the critical infrastructure risk model in terms of output risk; enterprise risk; input risk and threat risk. These risks are interpreted in relation to CIPA and its regulations. Threat risk is explored in more detail as a design basis for a security operational concept. Important areas that CIPA will need to augment will be contextualising critical infrastructure and essential infrastructure within an infrastructure ecosystem with a related strategy. In the last part of the article, the link between how the security operational concept address the threat risks and the constituents of a security architecture.FulltextenNational Key Points ActNKPACritical Infrastructure Protection ActCIPAConference PresentationGonçalves, D. P., & Serfontein, C. J. (2022). Systemic approaches to critical infrastructure risk and security capabilities. http://hdl.handle.net/10204/12557Gonçalves, Duarte P, and Christian J Serfontein. "Systemic approaches to critical infrastructure risk and security capabilities." <i>16th INCOSE South Africa Systems Engineering Conference (Virtual), 14-16 November 2022</i> (2022): http://hdl.handle.net/10204/12557Gonçalves DP, Serfontein CJ, Systemic approaches to critical infrastructure risk and security capabilities; 2022. http://hdl.handle.net/10204/12557 .TY - Conference Presentation AU - Gonçalves, Duarte P AU - Serfontein, Christian J AB - This article examines current and emerging threats to infrastructure as South Africa transitions from the National Key Points Act (NKPA), Act No. 102 of 1980 to the Critical Infrastructure Protection Act (CIPA), Act No. 8 of 2019. The aim is to provide risk and security architecture frameworks that will inform regulations and the design of security measures. To do this, the notion of risk and risk appetite are used to define the critical infrastructure risk model in terms of output risk; enterprise risk; input risk and threat risk. These risks are interpreted in relation to CIPA and its regulations. Threat risk is explored in more detail as a design basis for a security operational concept. Important areas that CIPA will need to augment will be contextualising critical infrastructure and essential infrastructure within an infrastructure ecosystem with a related strategy. In the last part of the article, the link between how the security operational concept address the threat risks and the constituents of a security architecture. DA - 2022-11 DB - ResearchSpace DP - CSIR J1 - 16th INCOSE South Africa Systems Engineering Conference (Virtual), 14-16 November 2022 KW - National Key Points Act KW - NKPA KW - Critical Infrastructure Protection Act KW - CIPA LK - https://researchspace.csir.co.za PY - 2022 T1 - Systemic approaches to critical infrastructure risk and security capabilities TI - Systemic approaches to critical infrastructure risk and security capabilities UR - http://hdl.handle.net/10204/12557 ER -26178