Search results

1 – 1 of 1
Per page
102050
Citations:
Loading...
Access Restricted. View access options
Article
Publication date: 1 August 2006

Denis Trček

To enable quantitative and qualitative modelling of information systems security management that takes into account technology and human factor.

2677

Abstract

Purpose

To enable quantitative and qualitative modelling of information systems security management that takes into account technology and human factor.

Design/methodology/approach

The approach is based on systems dynamics and it is done in two phases. In the first phase two basic qualitative models are developed, while in the second phase a possibility to further develop them into quantitative models is studied.

Findings

Appropriate approach to IS security management requires addressing “hard” and “soft” factors. Further, to enable quantitative study of such systems, which are highly non‐linear, exact analytical (mathematically rigorous) treatment is close to impossible. Thus, computer simulations have to be used. One appropriate methodological answer to the above requirements is systems (business) dynamics.

Research limitations/implications

Research limitations are partially related to system dynamics, which operates on an aggregates level. This prevents or makes harder study of phenomena at the micro level, from where the above‐mentioned aggregates emerge. Further, many sub‐areas need further standardisation to enable more realistic simulations – one such case is security policy standardisation and quantification. Similar holds true for threats/vulnerabilities and related taxonomies.

Practical implications

The research presents one of first steps in the direction that could provide quantitative models for effective IS security policy management in organisations.

Originality/value

The research presents two models, one for risk management and the other, which is a generic model that identifies basic variables that have to be addressed for IS security management. Further, findings can be used for security awareness courses.

Details

Kybernetes, vol. 35 no. 7/8
Type: Research Article
ISSN: 0368-492X

Keywords

1 – 1 of 1
Per page
102050