
Collaborative risk management for national security and strategic foresight

Combining qualitative and quantitative operations research approaches

  • Original Article
EURO Journal on Decision Processes

Abstract

Public decision makers are faced with the great challenge of detecting and identifying future risks. This concerns especially the field of national security. Decision makers must be able to identify threats in order to react to them adequately and so reduce risks. For this reason, a general risk management support guideline for public decision makers is developed which focuses on national security. The objective of the framework is to identify future risks, to analyze, and to evaluate them, so that concrete actions can be set to tackle the threats. The risk management framework is based on the core of the ISO 31000 risk management norm and guides the decision maker stepwise through the complex process. Therefore, several potential techniques and tools are combined in order to gain an overall picture of several scenarios. A collaboration of subject matter experts of several disciplines constitutes an important part of the process.


Notes

  1. The notation follows the ISO 31000 standard.

  2. The example is based upon an occurrence in 2010, see (Schöhnbohm 2011).

References

  • Aalst WVD, van Hee KM (2002) Workflow management. Models, methods, and systems. Cooperative information systems. MIT Press, Cambridge


  • Adamic L, Huberman B (2000) Power-law distribution of the world wide web. Science 287:2115a


  • Aggestam L (2006) Learning organization or knowledge management—which came first, the chicken or the egg? Inf Technol Control 35(3A):295–302


  • Amanatidou E, Butter M, Carabias V, Könnölä T, Leis M, Saritas O, Schaper-Rinkel P, van Rij V (2012) On concepts and methods in horizon scanning: lessons from initiating policy dialogues on emerging issues. Sci Public Policy 39(2):208–221


  • Andress J, Winterfeld S (2014) Cyber warfare: techniques, tactics and tools for security practitioners, 2nd edn. Elsevier, Syngress


  • Barabási AL, Oltvai ZN (2004) Network biology: understanding the cell’s functional organization. Nat Rev Genet 5(2):101–113


  • Barth R, Meyer-Nieberg S, Pickl S, Schuler M, Wellbrink J (2012) A toolbox for operational analysis. In: Proceedings of the 2012 symposium on emerging applications of M&S in industry and academia symposium, Society for Computer Simulation International, San Diego, CA, EAIA’12, pp 3:1–3:8. http://dl.acm.org/citation.cfm?id=2338790.2338793

  • Bodrow W (2006) Knowledge management in small and medium-sized enterprises. In: Wang K, Kovacs G, Wozny M, Fang M (eds) Knowledge enterprise: intelligent strategies in product design, manufacturing, and management, IFIP International Federation for Information Processing, vol 207. Springer, Boston, pp 41–53. doi:10.1007/0-387-34403-9_5

  • Bonchev D (1983) Information theoretic indices for characterization of chemical structures. Research Studies Press, Chichester


  • Bonchev D (1995) Topological order in molecules 1. Molecular branching revisited. J Mol Struct 336(2–3):137–156


  • Bundesamt für Sicherheit in der Informationstechnik (2013) ICS-Security-Kompendium. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ICS/ICS-Security_kompendium_pdf.pdf?_blob=publicationFile

  • Bundesministerium des Innern (2009) Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie). http://www.bmi.bund.de/cae/servlet/contentblob/544770/publicationFile/27031/kritis.pdf

  • Bundesministerium des Innern (2011) Cyber-Sicherheitsstrategie für Deutschland. Technical report, Bundesministerium des Innern. http://www.bmi.bund.de/DE/Themen/IT-Netzpolitik/IT-Cybersicherheit/Cybersicherheitsstrategie/cybersicherheitsstrategie_node.html

  • Bunke H (2000) Graph matching: theoretical foundations, algorithms, and applications. Proc Vis Interface 2000:82–88


  • Caralli RA, Stevens JF, Young LR, Wilson WR (2007) Introducing OCTAVE allegro: improving the information security risk assessment process. Technical Report CMU/SEI-2007-TR-012, Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8419. Accessed on 13 Nov 2014

  • Carneiro HA, Mylonakis E (2009) Google trends: a web-based tool for real-time surveillance of disease outbreaks. Clin Infect Dis 49(10):1557–1564


  • Chakrabarti S (2002) Mining the web: discovering knowledge from hypertext data. Morgan Kaufmann, San Francisco


  • Chauke Nehme C, de Miranda Santos M, Fellows Filho L, Massari Coelho G (2012) Challenges in communicating the outcomes of a foresight study to advise decision-makers on policy and strategy. Sci Public Policy. doi:10.1093/scipol/scs015

  • Choi H, Varian H (2012) Predicting the present with Google trends. Econ Rec 88(1):2–9


  • Dehmer M (2006) Strukturelle analyse web-basierter dokumente. Multimedia und Telekooperation. Deutscher Universitäts Verlag, Wiesbaden


  • Dehmer M (2008) Information processing in complex networks: graph entropy and information functionals. Appl Math Comput 201:82–94


  • Dehmer M, Emmert-Streib F (2014) Quantitative graph theory, theory and applications. CRC Press, Boca Raton


  • Dehmer M, Emmert-Streib F, Graber A, Salvador A (eds) (2011) Applied statistics for network biology. Quantitative and network biology. Wiley-Blackwell, New York


  • Dehmer M, Grabner M, Varmuza K (2012) Information indices with high discriminative power for graphs. PLoS ONE 7(e31):214


  • Dehmer M, Kraus V, Emmert-Streib F, Pickl S (2014) What is quantitative graph theory? CRC Press, Boca Raton, pp 1–33

  • Dorogovtsev SN, Mendes JFF (2003) Evolution of networks from biological networks to the internet and WWW. Oxford University Press, Oxford


  • Douramanis M (2014) Risk assessment for cyber threats to networked critical infrastructure. Master’s thesis, Universiteit Leiden, Universität der Bundeswehr München

  • Emmert-Streib F, Dehmer M (eds) (2010a) Analysis of microarray data: a network-based approach. Wiley VCH Publishing, Weinheim

  • Emmert-Streib F, Dehmer M (2010b) Identifying critical financial networks of the DJIA: towards a network based index. Complexity 16(1):24–33


  • Emmert-Streib F, Dehmer M (2010c) Influence of the time scale on the construction of financial networks. PLoS ONE 5(9):e12884


  • Emmert-Streib F, Dehmer M (2011) Networks for systems biology: conceptual connection of data and function. IET Syst Biol 5:185–207


  • Epstein J (2008) Generative social science studies in agent-based computational modelling. Princeton University Press, Princeton


  • Erdös P, Rényi P (1960) On the evolution of random graphs. Magyar Tud Akad Mat Kutató Int Közl 5:17–61


  • Federal Office for Civil Protection (2014) Integrated risk management. Bern, Switzerland


  • German Alliance for Cybersecurity (2014). https://www.allianz-fuer-cybersicherheit.de

  • Goldstone JA, Bates RH, Epstein DL, Gurr TR, Lustik MB, Marshall MG, Ulfelder J, Woodward M (2010) A global model for forecasting political instability. Am J Political Sci 54(1):190–208


  • Habegger B (2010) Strategic foresight in public policy: reviewing the experiences of the UK, Singapore, and the Netherlands. Futures 42(1):49–58


  • Harary F (1969) Graph theory. Addison Wesley Publishing Company, Reading, MA

  • Hauschild D, Leopold A, Lohmann S, Masala C, Meyer-Nieberg S, Pickl S, Plenk S, Tepel T, Zsifkovits M (2014) Quantitative methods of future studies, final report. Universität der Bundeswehr München, Technical report

  • International Organization for Standardization (2009) ISO 31000:2009 risk management—guidelines for principles and implementation of risk management

  • Klipper S (2011) Information security risk management, Risikomanagement mit ISO/IEC 27001, 27005 und 31010. Springer, New York

  • Kosala R, Blockeel H (2000) Web mining research: a survey. SIGKDD Explor 2(1):1–15

  • Kushner D (2013) The real story of Stuxnet. IEEE Spectr 50(3):48–53


  • Leigh A (2003) Thinking ahead: Strategic foresight and government. Aust J Public Adm 62(2):3–10. doi:10.1111/1467-8497.00320


  • Li X, Gutman I (2006) Mathematical aspects of Randić-type molecular structure descriptors. University of Kragujevac and Faculty of Science Kragujevac, Mathematical Chemistry Monographs

  • Liljenstam M, Liu J, Nicol DM, Yuan Y, Yan G, Grier C (2006) Rinse: the real-time immersive network simulation environment for network security exercises (extended version). Simulation 82(1):43–59. doi:10.1177/0037549706065544


  • Lovász L, Pelikán J (1973) On the eigenvalues of trees. Period Math Hung 3(1–2):175–182


  • Lund MS, Solhaug B, Stølen K (2011) Model-driven risk analysis: the CORAS approach. Springer, Berlin

  • Macal CM, North MJ (2010) Tutorial on agent-based modelling and simulation. J Simul 4(3):151–162


  • Maier R (2004) Knowledge management systems. Information and communication technologies for knowledge management. Springer, Berlin


  • Maier R (2007) Knowledge management systems—information and communication technologies for knowledge management. Springer, Berlin

  • Masala C, Pickl S (2013) Foresight analysis: quantitative methoden der Zukunftsanalyse. In: Wehrwissenschaftliche Forschung—Jahresbericht 2013, Bundesministerium der Verteidigung, pp 58–59

  • Masala C, Pickl S, Klüfers P, Leopold A, Lohmann S, Tsetsos K, Tepel T (2014) Future methods catalogue. Universität der Bundeswehr München, Technical report

  • Miles I, Saritas O (2012) The depth of the horizon: searching, scanning and widening horizons. Foresight 14(6):530–545. doi:10.1108/14636681211284953

  • Minoli D (1975) Combinatorial graph complexity. Atti Accad Naz Lincei, VIII Ser, Rend, Cl Sci Fis Mat Nat 59:651–661


  • Mowshowitz A, Dehmer M (2012) Entropy and the complexity of graphs revisited. Entropy 14(3):559–570


  • National Institute of Standards and Technology (2011) Managing information security risk: organization, mission, and information system view. http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908030. Accessed 13 Nov 2014

  • National Research Council (2010) Letter report for the committee on deterring cyberattacks: informing strategies and developing options for U.S. policy. Technical report, National Research Council

  • Newman MEJ (2003) The structure and function of complex networks. SIAM Rev 45:167–256


  • Noel S, Jajodia S, Wang L, Singhal A (2010) Measuring security risk of networks using attack graphs. Int J Next-Gener Comput 1(1):135–147


  • NYS Office of Cyber Security (2012) Cybersecurity: risk management. http://www.dhses.ny.gov/ocs/local-government/documents/Risk-Management-Guide-2012.pdf. Accessed 10 Aug 2014

  • Palomino MA, Taylor T, Owen R (2012) Towards the development of an automated, web-based, horizon scanning system. In: Federated conference on computer science and information systems (FedCSIS), IEEE 2012, pp 1009–1016

  • Pickl S, Meyer-Nieberg S, Wellbrink J (2012) Reducing complexity with evolutionary data farming. SCS M&S Magazine, pp 47–53. ISBN 1-56555-374-8

  • Pinson S, Moraitis P (1997) An intelligent distributed system for strategic decision making. Group Decis Negot 6(1):77–108. doi:10.1023/A:1008640625674


  • Rademaker M (2009) National security strategy of the netherlands: an innovative approach. Inf Secur 23(1):51–61


  • Ralson P, Graham J, Hieb J (2007) Cyber security risk assessment for SCADA and DCS networks. ISA Trans 46:583–594


  • Roy Sarkar K (2010) Assessing insider threats to information security using technical, behavioural and organisational measures. Inform Secur Tech Rep 15(3):112–133


  • Schneeweiss CA (2003) Distributed decision making, 2nd edn. Springer, Berlin

  • Schöhnbohm A (2011) Deutschlands sicherheit: cybercrime und cyberwar. Monsenstein und Vannerdat

  • Schutte M, Dehmer M (2013) Large-scale analysis of structural branching measures. J Math Chem 52(3):805–819


  • Shakarian P, Shakarian J, Ruef A (2013) Introduction to cyber-warfare. A multidisciplinary approach. Syngress/Elsevier, Waltham


  • Singer P, Friedman J (2014) Cybersecurity and cyberwar. Oxford University Press, Oxford

  • Soanes C, Stevenson A (eds) (2009) Oxford dictionary of English. Oxford University Press, Oxford

  • Sobik F (1982) Graphmetriken und Klassifikation strukturierter Objekte. ZKI-Informationen, Akad Wiss DDR 2(82):63–122


  • Sokolova A, Makarova E (2013) Integrated framework for evaluation of national foresight studies. In: Meissner D, Gokhberg L, Sokolov A (eds) Science, technology and innovation policy for the future. Springer, Berlin, pp 11–30. doi:10.1007/978-3-642-31827-6_2

  • Stenberg M (2006) Managing the knowledge of the organization. In: Zielinski C, Duquenoy P, Kimppa K (eds) The Information Society: emerging landscapes. IFIP International Federation for Information Processing, vol 195. Springer Boston, pp 223–242. doi:10.1007/0-387-31168-8_14

  • Stutzki J (2014) Multilingual trend detection in the web. In: Proceedings of the 4th student conference on operational research SCOR 2014, OASICS, vol 37, pp 16–24

  • The SANS institute (2014). http://www.sans.org/. Accessed 04 Oct 2014

  • Todeschini R, Consonni V, Mannhold R (2002) Handbook of molecular descriptors. Wiley-VCH, Weinheim


  • US Enterprise Information Security Office (2014). http://www.dhses.ny.gov/ocs/. Accessed 03 Oct 2014

  • Vester F (2000) Die Kunst vernetzt zu denken: Ideen und Werkzeuge für einen neuen Umgang mit Komplexität. DVA Stuttgart

  • Wong KY (2005) Critical success factors for implementing knowledge management in small and medium enterprises. Ind Manage Data Syst 105(3):261–279


  • Zelinka B (1975) On a certain distance between isomorphism classes of graphs. Časopis pro pěst Math 100:371–373

  • Zentis T, Czech A, Prefi T, Schmitt R (2011) Technisches Risikomanagement in produzierenden Unternehmen. Apprimus Verlag, Aachen


  • Zsifkovits M, Pickl S, Meyer-Nieberg S (2014) Operations research for risk management in strategic foresight. Planet@Risk Submitted


Acknowledgments

The authors would like to thank Heinrich Buch and Dieter Budde for their invaluable discussions and insights. The support by the Planungsamt der Bundeswehr is gratefully acknowledged.

Author information

Corresponding author

Correspondence to Silja Meyer-Nieberg.


About this article


Cite this article

Dehmer, M., Meyer-Nieberg, S., Mihelcic, G. et al. Collaborative risk management for national security and strategic foresight. EURO J Decis Process 3, 305–337 (2015). https://doi.org/10.1007/s40070-015-0046-0


  • DOI: https://doi.org/10.1007/s40070-015-0046-0
