Paper Info
Title
Security Strategy Analysis for Critical Information Infrastructures
Abstract
How do security departments relate to and manage information security controls in critical infrastructures (CI)? Our experience is that information security is usually seen as a technical problem with technical solutions. Researchers agree that there are more than just technical vulnerabilities. Vulnerabilities in processes and human fallibility creates a need for Formal and Informal controls in addition to Technical controls. These three controls are not independent, rather they are interdependent. They vary widely in implementation times and resource needs, making building security resources a challenging problem. We present a System Dynamics model which shows how security controls are interconnected and interdependent. The model is intended to aid security managers in CI to better understand information security management strategy, particularly the complexities involved in managing a socio-technical system where human, organisational and technical factors interact.
Year
DOI
Venue
2008
10.1007/978-3-642-03552-4_22
Critical Information Infrastructure Security
Keywords
DocType
Volume
technical solution,security department,security control,building security resource,technical factors interact,critical information infrastructures,security strategy analysis,technical problem,information security,security manager,information security control,information security management strategy,critical infrastructure,information security management,system dynamics modeling,security management,information infrastructure
Conference
5508
ISSN
Citations 
PageRank 
0302-9743
1
0.37
References 
Authors
4
3
Name
Order
Citations
PageRank
Jose Manuel Torres191.69
Finn Olav Sveen2295.93
Jose Maria Sarriegi3536.43