Information systems security assessment based on system dynamics

Abstract

With the rapid development of information technology, information systems security becomes more and more important for both national economics and people's everyday life. Therefore, in this paper, we study on the problem of information systems security assessment. However, existing traditional methods has two major issues. First, it is unclear that whether there remains severe potential risks unrecognized, and thus the reliability is limited. Second, the assessment results deviate from the real one due to the time and environmental restrictions, the subjective reasons of the researchers, or biased observed data, etc. To this end, we propose to leverage system dynamics (SD) for information systems security assessment. Specifically, based on the analysis of casual loops and positive and negative feedbacks among factors, we explore potential risks and capture those who are impossible to be measured using traditional methods.