Vol 3 No 1 (2020): Special issue on cyber-security of critical infrastructure

Implementing Cybersecurity Measures in Transport Organisation

Silvana Tomić Rotim
University of Applied Sciences Velika Gorica
Published November 17, 2020
  • critical infrastructure,
  • Cybersecurity Regulation,
  • ISO 27032,
  • Risk Management,
  • Business Continuity
How to Cite
Tomić Rotim, S. (2020). Implementing Cybersecurity Measures in Transport Organisation. Annals of Disaster Risk Sciences, 3(1). https://doi.org/10.51381/adrs.v3i1.48


The Article describes the phases of implementing the necessary measures according to Cybersecurity Regulation for critical infrastructure and ISO 27032 standard. As a base for identification of the necessary measures in transport organization the risk assessment has been done. The Risk Management Methodology has been described as well as the results of the risk assessment. The main aspects of risk treatment with the most suitable measures for Cyber risks are identified. Also as very important aspect of protecting critical transport infrastructure we have identified the critical services and prepared business continuity plans. The main steps and results in providing the acceptable level of availability and opportunities for continuity are presented and explained.


  1. EU Directive (2016): European Union Parliament and the Council, the Directive (EU) 2016/1148 concerning measures for high common level of security of network and information systems across the Union, 6 July 2016.
  2. Goud, N. (2017): Most Dangerous Cyber Security Threats of 2017, https://www.cybersecurity-insiders.com/most-dangerous-cyber-security-threats-of-2017/
  3. ISO/IEC (2012), ISO/IEC 27032 Information technology – Security techniques – Guidelines for Cybersecurity
  4. ISO/IEC (2013), ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
  5. Milne, A. (2017): Hacking the railway, The European Rail Supply Industry Association, https://www.railengineer.co.uk/2017/05/30/hacking-the-railway/
  6. National Strategy for Cybersecurity, 7 October 2015. (NN108/2015)
  7. Tomić Rotim, S. (2019): The contemporary technological aspects of Cybersecurity: restrictions and opportunities posed by modern technology, 12th International Scientific and Professional Conference “Crisis Management Days”, Conference Proceedings, Šibenik, 2019.
  8. UNIFE (2019): Vision Paper on Digitalization Digital Trends in the Rail Sector, http://www.unife.org/component/attachments/?task=download&id=984, published: 15 April 2019.