|dc.description.abstract||Malfunction of critical infrastructures have a serious impact on health, safety, security
and economic wellbeing of citizens and have therefore to be supremely protected.
Today’s cyber threats gain in importance especially for critical infrastructure as they
have enormous potential for damage. Critical infrastructures are the backbone of our
nation's economy, security and health.
Different instruments are available to address various information security topics. Some
regulations exist for parts of critical infrastructure sectors. But there is currently no
unique security level of critical infrastructure enterprises.
Goal of this study is to develop a model for critical infrastructures to prevent and
mitigate current cyber risks. Gaps in information security for critical infrastructures
were disclosed between available instruments and the needs of critical infrastructure
Primary source is based on case study research. Critical infrastructure experts were
interviewed to get information about current situations in critical infrastructure
enterprises. Books, documentation and journals in the field of information security or
critical infrastructure protection are investigated as secondary resources. These sources
were used to build a model by prototyping approach, which then was validated by
critical infrastructure experts.
Analysis of the case study discloses gaps in the area of awareness, cyber risk
management, education, funding, regulation and technology.
The developed “Critical Infrastructure Information Security Model” describes these
areas and shows an improved information security model with focus on cyber risks of