Abstract
How do security departments relate to and manage information security controls in critical infrastructures (CI)? Our experience is that information security is usually seen as a technical problem with technical solutions. Researchers agree that there are more than just technical vulnerabilities. Vulnerabilities in processes and human fallibility creates a need for Formal and Informal controls in addition to Technical controls. These three controls are not independent, rather they are interdependent. They vary widely in implementation times and resource needs, making building security resources a challenging problem. We present a System Dynamics model which shows how security controls are interconnected and interdependent. The model is intended to aid security managers in CI to better understand information security management strategy, particularly the complexities involved in managing a socio-technical system where human, organisational and technical factors interact. © 2009 Springer Berlin Heidelberg.
Cite
CITATION STYLE
Torres, J. M., Sveen, F. O., & Sarriegi, J. M. (2009). Security strategy analysis for critical information infrastructures. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5508 LNCS, pp. 247–257). https://doi.org/10.1007/978-3-642-03552-4_22
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
