Abstract

Technology is increasingly being used by organisations to mediate social/business relationships and social/business transactions. While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the people and the technology within an organisation’s business/functional context. Thus in performing risk management in a cyber security and safety context, a detailed picture of the impact that a security/safety incident can have on an organisation is developed. This in turn stimulates a more holistic view of the effectiveness, and appropriateness, of a counter measure.

Highlights

  • It is clear that, given the level of complexity of Information Systems Security (ISS) risk management, the simple linear models proposed in most of the existing approaches will not be able to capture such complexities [1]

  • While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the people and the technology within an organisation’s business/functional context

  • To achieve a more complete picture of the risks that cyber attacks pose to safety and security, a more socially oriented model must be developed that views an organisation as a holistic construct comprising people and technology, and that allows the relationships and interactions between them to be better modelled and understood


Summary

Introduction

Given the level of complexity of Information Systems Security (ISS) risk management, the simple linear models proposed in most of the existing approaches will not be able to capture such complexities [1]. Our target is to construct a framework that will allow us to reason about risk and impact assessment as a stateful model at the socio-technical systems level, so as to better capture the dynamics of a cybernetic organisation and its state of affairs. It is in the nature of cybernetic organisations that we find the arguments for a more social approach to cyber security and safety. We will use stateful models to express the status quo of an organisation, i.e. the current state of the systems, personnel and processes at each discrete moment before and after an event has occurred. This gives us a better perspective of the dependencies, responsibilities and reliabilities that run through the entire hierarchical chain of an organisation. It will allow us to run different threat scenarios and detect potential vulnerabilities in a corporate network through forward and backward chaining.

What Is a Socio-Technical System
Impact Assessment
The Framework
Responsibility Modelling
Structural Role and Relationships
Functional Roles and Interactions
The ART Model of Socio-Technical Systems
Summary and Conclusions