Cyber Safety: A Systems Thinking and Systems Theory Approach to Managing Cyber Security Risks
Authors
Abstract
If we are to manage security risks more effectively in today’s complex and dynamic cyber environment, then a new way of thinking is needed to complement traditional approaches. According to Symantec’s 2014 Internet Security Threat Report, in 2012 more than ten million identities that included real names, dates of birth, and social security numbers were exposed by a single breach. In 2013 there were eight breaches that each exposed over ten million identities. These breaches were recorded despite the fact that significant resources are expended on managing cyber security risks each year by businesses and governments. In this paper we examine why traditional approaches for managing cyber security risks are not yielding desired results, and propose a new approach for managing cyber security risks. This approach is based on a model for accident or incident analysis used in the Systems Safety field. The model is called System-Theoretic Accident Model and Processes (STAMP). It is rooted in Systems Thinking and Systems Theory. We analyzed the largest cyber-attack at the time, reported in 2007 on a major US-based retailer, using STAMP to understand the effectiveness of this approach. Our analysis revealed insights at both the systemic and the detailed level, which generated specific recommendations. The lessons learned from this analysis can be extended to help us address the ongoing challenges to cyber security.
Similar resources
Cyber Safety: A Systems Theory Approach to Managing Cyber Security Risks – Applied to TJX Cyber Attack
To manage security risks more effectively in today’s complex and dynamic cyber environment, a new way of thinking is needed to complement traditional approaches. In this paper we propose a new approach for managing cyber security risks, based on a model for accident analysis used in the Systems Safety field, called System-Theoretic Accident Model and Processes (STAMP). We have adapted and appli...
Cyber Medical Education: Beyond the Integration of Concepts in Technology-based Learning
Introduction: Along with the transition from the digital era to the era of cyber-technology, medical professionals have been forced to use different conceptual systems to meet their informational and communicational needs. These emerging scientific concepts each have specific meaning which should be redefined in their own context so that they could be utilized in the conceptual systems of speci...
An Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine
Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...
Pbnc 2012 Challenges of Cyber Security for Nuclear Power Plants
Nuclear Power Plants (NPPs) become one of the most important infrastructures in providing efficient and non-interrupted electricity in a country using radioactive elements due to global warming and shortage of fossil resources. To provide the higher reliability and better performance with additional diagnostic capabilities in operating NPPs, digital Instrumentation and Control (I&C) systems hav...
Cyber Security of FPGA-Based NPP I&C Systems: Challenges and Solutions
This paper presents an overview of the state-of-the-art of Field Programmable Gate Arrays (FPGA)-based Nuclear Power Plants (NPPs) Instrumentation and Control (I&C) systems cyber security assurance problem, starting from analysis of regulatory documents that cover various aspects of NPP I&C systems development and operation, FPGA technology implementation, as well as cyber security assessment an...