Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2014 (English)In: Proceedings of the 58th Annual Meeting of the International Society for the Systems Sciences (ISSS 2014), York: International Society for the Systems Sciences ( ISSS ) , 2014, 1-17 p.Conference paper, Published paper (Refereed)
Abstract [en]

Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of only focusing on the technical part. Systems theory can also equip security analysts with the skills required to have a holistic and an abstract level of understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created in order to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real case security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be considered a beneficial tool for security analysts during security incident management and risk analysis. Literature review and experience indicate an existing lack of customisable incident response tools that facilitate communication and elaboration within organizations during incident management. In addition to the fact that these tools are mainly technical and don’t take the human factor into consideration. Using SSM as such, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that cause damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and their environment including the security control activity systems. By having such systemic perception of a security attack, security analysts, we suggest, can have a holistic perception under what conditions a security attack has succeeded and what elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

Place, publisher, year, edition, pages
York: International Society for the Systems Sciences ( ISSS ) , 2014. 1-17 p.
Series
Journal of the International Society for the Systems Sciences, ISSN 0005-7940
Keyword [en]
SSM, Socio-Technical Approach, Information Security, Security Approach, Security Incident
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-114736OAI: oai:DiVA.org:su-114736DiVA: diva2:793846
Conference
The 58th Meeting of ISSS, Washington DC, USA, July 2014
Available from: 2015-03-09 Created: 2015-03-09 Last updated: 2015-03-16Bibliographically approved

Open Access in DiVA

No full text

Other links

http://journals.isss.org/index.php/proceedings58th/article/view/2305

Search in DiVA

By author/editor
Kowalski, Stewart
By organisation
Department of Computer and Systems Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 112 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf