Maintaining Security and Safety in High-Threat E-Operations Transitions

Migrating to new modes of operation are perilous times for most organizations. For firms that routinely work in high-threat, high-reward situations, the risks of innovation are particularly challenging. This paper develops a systems-based approach to understanding these risks. We draw examples from one firm migrating to e-operations for offshore oil platforms to increase profitability. The firm recently participated in a facilitated group model building exercise to examine the effects of the migration on the organization, and found several interesting and unanticipated barriers and hazards to the transition. The results of the workshop demonstrate the use of qualitative modeling approaches to complex problems, as well as a method to reduce concern about data confidentiality in security-conscious environments.¹

[1]  George P. Richardson,et al.  Scripts for group model building , 1997 .

[2]  Dawn M. Cappelli,et al.  Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector , 2005 .

[3]  Dean Tjosvold,et al.  Book review : Group model building : facilitating team learning using system dynamics , 1998 .

[4]  George P. Richardson,et al.  Teamwork in group model building , 1995 .

[5]  John D. Sterman,et al.  Business dynamics : systems thinking and modelling for acomplex world , 2002 .

[6]  Jose J. Gonzalez Towards a Cyber Security Reporting System - A Quality Improvement Process , 2005, SAFECOMP.

[7]  J.D. Sterman,et al.  Nobody Ever Gets Credit for Fixing Problems That Never Happened: Creating and Sustaining Process Improvement , 2001, IEEE Engineering Management Review.

[8]  Robin M. Ruefle,et al.  State of the Practice of Computer Security Incident Response Teams (CSIRTs) , 2003 .

[9]  Raymond R. Panko Computer Security Incident Response Teams (CSIRTs) , 2004 .

[10]  Luis F. Luna-Reyes,et al.  Collecting and analyzing qualitative data for system dynamics: methods and models , 2003 .

[11]  George P. Richardson,et al.  Introduction to System Dynamics Modeling with DYNAMO , 1981 .

[12]  Steffen Bayer,et al.  Business dynamics: Systems thinking and modeling for a complex world , 2004 .

[13]  Simon Peck,et al.  Group Model Building: Facilitating Team Learning Using System Dynamics , 1996, J. Oper. Res. Soc..

[14]  Finn Olav Sveen,et al.  Helping prevent information security risks in the transition to integrated operations , 2005 .

[15]  David F. Andersen,et al.  Preliminary System Dynamics Maps of the Insider Cyber-threat Problem , 2004 .

[16]  Dawn M. Cappelli,et al.  Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors , 2005 .