Chille, VanessaMund, SybilleMöller, AndreasLangweg, HannoMeier, MichaelWitt, Bernhard C.Reinhardt, Delphine2018-03-222018-03-222018978-3-88579-675-6https://dl.gi.de/handle/20.500.12116/16275We present a concept for finding an appropriate combination of physical security and IT security measures such that a comprehensive protection is provided. In particular, we consider security for critical infrastructures, such as railway systems. For classifying physical security measures, the so-called Protection Classes from the standard EN 50600 are used in our approach. To provide comprehensive protection for a system under consideration, these sets of explicit physical security measures need to be combined with other kinds of security, such as IT security and organizational security. We present a new classification approach named 'Type of Attack(er)' that allows for taking all aspects of security into joint consideration, and harmonizes physical and IT security levels by creating a link between EN 50600 and IEC 62443.enphysical securityIT securityIEC 62443EN 50600critical infrastructuresText/Conference Paper10.18420/sicherheit2018_101617-5468