Information Systems Security Assessment Based on System Dynamics

With the rapid development of information technology, information systems security is becoming increasingly important for both the national economy and people’s everyday lives. In this paper, we therefore study the problem of information systems security assessment. Existing traditional methods have two major issues. First, it is unclear whether severe potential risks remain unrecognized, so their reliability is limited. Second, the assessment results deviate from the real ones due to time and environmental restrictions, the subjective reasons of the researchers, biased observed data, etc. To this end, we propose to leverage system dynamics (SD) for information systems security assessment. Specifically, based on the analysis of causal loops and the positive and negative feedbacks among factors, we explore potential risks and capture those that are impossible to measure using traditional methods.
