Abstract | ||
---|---|---|
How do security departments relate to and manage information security controls in critical infrastructures (CI)? Our experience is that information security is usually seen as a technical problem with technical solutions. Researchers agree that there are more than just technical vulnerabilities. Vulnerabilities in processes and human fallibility creates a need for Formal and Informal controls in addition to Technical controls. These three controls are not independent, rather they are interdependent. They vary widely in implementation times and resource needs, making building security resources a challenging problem. We present a System Dynamics model which shows how security controls are interconnected and interdependent. The model is intended to aid security managers in CI to better understand information security management strategy, particularly the complexities involved in managing a socio-technical system where human, organisational and technical factors interact. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1007/978-3-642-03552-4_22 | Critical Information Infrastructure Security |
Keywords | DocType | Volume |
technical solution,security department,security control,building security resource,technical factors interact,critical information infrastructures,security strategy analysis,technical problem,information security,security manager,information security control,information security management strategy,critical infrastructure,information security management,system dynamics modeling,security management,information infrastructure | Conference | 5508 |
ISSN | Citations | PageRank |
0302-9743 | 1 | 0.37 |
References | Authors | |
4 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jose Manuel Torres | 1 | 9 | 1.69 |
Finn Olav Sveen | 2 | 29 | 5.93 |
Jose Maria Sarriegi | 3 | 53 | 6.43 |