A Modelling Approach for Interdependency in Digital Systems-of-Systems Security - Extended Abstract
- 475 Downloads
There is little doubt that the proper functioning of our modern society depends upon cyberspace, and that the continued growth in appetite for new technology and the potential benefits associated with it shows little sign of abating. Unfortunately the reality of modern information and communications systems involves a complex array of hardware, middleware, software, communications protocols and services, operated by a diverse set of stakeholders (users and providers each with a heterogeneous set of changing motives (including personal, enterprise, or societal gains). Everyday services that we take for granted often rely on complex interdependent systems, with the result that a seemingly unrelated failure in one of the subsystems, invisible to the service consumer, may lead to an all too visible collapse of the service that they expect. In the context of information and network risk management this complexity means that it is currently very difficult to predict how an organisation might be impacted by vulnerabilities being exploited or failures accidentally manifesting elsewhere in a system. Additionally, organisations responsible for subsystems are likely to evolve different risk-management cultures and practice, making their adoption and use of network and information risk controls (and consequences for other interdependent subsystems) difficult to predict.
KeywordsSituational Awareness Risk Control Security Control Information Security Management Security Management System
Unable to display preview. Download preview PDF.
- 1.BS ISO/IEC 27000:2009. Information technology-Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC, Switzerland (July 2009)Google Scholar
- 2.Ross, et al.: Recommended security controls for federal information systems. NIST Special Publication 800-53, National Institute of Standards and Technology, Gaithersburg, MD, USA (December 2007)Google Scholar