Advertisement

A Modelling Approach for Interdependency in Digital Systems-of-Systems Security - Extended Abstract

  • Adedayo Adetoye
  • Sadie Creese
  • Michael Goldsmith
  • Paul Hopkins
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6712)

Abstract

There is little doubt that the proper functioning of our modern society depends upon cyberspace, and that the continued growth in appetite for new technology and the potential benefits associated with it shows little sign of abating. Unfortunately the reality of modern information and communications systems involves a complex array of hardware, middleware, software, communications protocols and services, operated by a diverse set of stakeholders (users and providers each with a heterogeneous set of changing motives (including personal, enterprise, or societal gains). Everyday services that we take for granted often rely on complex interdependent systems, with the result that a seemingly unrelated failure in one of the subsystems, invisible to the service consumer, may lead to an all too visible collapse of the service that they expect. In the context of information and network risk management this complexity means that it is currently very difficult to predict how an organisation might be impacted by vulnerabilities being exploited or failures accidentally manifesting elsewhere in a system. Additionally, organisations responsible for subsystems are likely to evolve different risk-management cultures and practice, making their adoption and use of network and information risk controls (and consequences for other interdependent subsystems) difficult to predict.

Keywords

Situational Awareness Risk Control Security Control Information Security Management Security Management System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    BS ISO/IEC 27000:2009. Information technology-Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC, Switzerland (July 2009)Google Scholar
  2. 2.
    Ross, et al.: Recommended security controls for federal information systems. NIST Special Publication 800-53, National Institute of Standards and Technology, Gaithersburg, MD, USA (December 2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Adedayo Adetoye
    • 1
  • Sadie Creese
    • 1
  • Michael Goldsmith
    • 1
  • Paul Hopkins
    • 1
  1. 1.International Digital LaboratoryUniversity of WarwickCoventryUK

Personalised recommendations