Using Socio-Technical and Resilience Frameworks to Anticipate Threat

This paper explores how frameworks based on socio-technical systems thinking and theories of resilience can be applied within the field of business security in order to help anticipate and subsequently prevent organizational threats. The paper applies a socio-technical framework to two fictional terrorism scenarios as exemplars, namely a cyber systems attack at the London 2012 Olympics and poisoning of the UK's water supply in order to anticipate the key contributors to these threats. The resilience factors are proposed as features of interrelating systems that should also be considered to analyze and adjust to threats effectively. Within this paper the resilience factor of anticipation is applied to terrorist scenarios, along with the socio-technical framework. This paper highlights the dangers associated with holding myopic views of threats and concludes that by using the socio-technical framework and considering the six resilience factors it is possible for organizations to anticipate in a more systemic way, to become more resilient to a variety of organizational attacks. Ideas for future research are discussed.

[1]  Robert L. Wears,et al.  Resilience Engineering: Concepts and Precepts , 2006, Quality and Safety in Health Care.

[2]  W. Pasmore,et al.  Sociotechnical Systems: A North American Reflection on Empirical Studies of the Seventies , 1982 .

[3]  C W Clegg,et al.  Sociotechnical principles for system design. , 2000, Applied ergonomics.

[4]  E. Trist,et al.  Some Social and Psychological Consequences of the Longwall Method of Coal-Getting , 1951 .

[5]  A. K. Rice Productivity and Social Organization in an Indian Weaving Shed , 1953 .

[6]  C. Clegg,et al.  Crowd disasters: a socio-technical systems perspective , 2011 .

[7]  Albert Cherns,et al.  Principles of Sociotechnical Design Revisted , 1987 .

[8]  E. Trist The Evolution of Socio-Technical Systems: A Conceptual Framework and an Action Research Program , 1981 .

[9]  J. Shaoul Human Error , 1973, Nature.

[10]  Albert B. Cherns,et al.  The Principles of Sociotechnical Design , 1976 .

[11]  Enid Mumford,et al.  The story of socio‐technical design: reflections on its successes, failures and potential , 2006, Inf. Syst. J..

[12]  Jens Rasmussen,et al.  Risk management in a dynamic society: a modelling problem , 1997 .

[13]  Barry H. Kantowitz,et al.  Human Factors: Understanding People-System Relationships , 1983 .

[14]  Denis D. Smith Business (not) as usual: crisis management, service recovery and the vulnerability of organisations , 2005 .

[15]  John Mylopoulos,et al.  An ontology for secure socio-technical systems , 2007 .

[16]  Pascale Carayon,et al.  Human factors of complex sociotechnical systems. , 2006, Applied ergonomics.

[17]  C. S. Holling Resilience and Stability of Ecological Systems , 1973 .

[18]  Ken Eason,et al.  The process of introducing information technology , 1982 .

[19]  James T. Reason,et al.  A systems approach to organizational error , 1995 .

[20]  F. Emery Characteristics of Socio-Technical Systems , 1993 .

[21]  L Lisette Kanse,et al.  Errors and error recovery , 2000 .

[22]  Allan McConnell,et al.  Preparing for Critical Infrastructure Breakdowns: The Limits of Crisis Management and the Need for Resilience , 2007 .

[23]  Butler W. Lampson,et al.  31. Paper: Computer Security in the Real World Computer Security in the Real World , 2022 .

[24]  Henrik Hassel,et al.  Towards a System-Oriented Framework for Analysing and Evaluating Emergency Response , 2010 .

[25]  Samir Dani,et al.  Resilience: the concept, a literature review and future directions , 2011 .

[26]  M. Hillyard Public Crisis Management: How and Why Organizations Work Together to Solve Society's Most Threatening Problems , 2000 .