A systemic approach to information and cyber security

Imagem de Miniatura
Download
Data
Data de publicação:
2020
Autores IPEN
Orientador
Título da Revista
ISSN da Revista
Título do Volume
É parte de
É parte de
É parte de
É parte de
INTERNATIONAL CONFERENCE ON NUCLEAR SECURITY
Exportar
Mendeley
Projetos de Pesquisa
Unidades Organizacionais
Fascículo
Resumo
Design Based Threat, or DBT, is a common principle for physical and cyber protection, which is based on threat assessments. The protection, cyber or physical, will be planned based on the type of the identified threat. While we acknowledge the importance of the DBT, we argue that following this line of reasoning may limit our ability to grasp other vulnerabilities the system may have due to the following assumptions: a) The system will behave according to the way we think it should, based on a predetermined fashion. b) If each component of the system is reliable, then the system will be reliable. Systems theory assumes that accidents are a result of systemic factors, and does not have a single root-cause, generally a failure, that starts a chain of events leading to the accident. Moreover, systems theory assumes that security and safety are emergent properties of a system that result from the interactions between the components of that system. Therefore, accidents are a problem of control of the interactions between the components of the system rather than a problem of failures of components. In the systemic approach a cyber security system is treated as part of the whole socio-technical complex system, where humans are components of the system and interact with the computerized controls. The organizational culture permeates the entire system affecting decisions and, consequently, the interactions between the components. Weak safety and security cultures will eventually contribute for the system to migrate to hazardous states leading to losses or accidents. The paper analyzes the roles of organizational, safety and security cultures, as underlying factors that can lead to the deterioration of the hierarchical control structure, which is supposed to keep the interactions between the components of the system within desirable constraints.

Como referenciar
LEMOS, F.L.; BIANCHI, P.H. A systemic approach to information and cyber security. In: INTERNATIONAL CONFERENCE ON NUCLEAR SECURITY, February 10-14, 2020, Vienna, Austria. Proceedings... p. 1-6. Disponível em: http://repositorio.ipen.br/handle/123456789/31576. Acesso em: 18 Apr 2024.
Esta referência é gerada automaticamente de acordo com as normas do estilo IPEN/SP (ABNT NBR 6023) e recomenda-se uma verificação final e ajustes caso necessário.

Agência de fomento
Assuntos
cybernetics; security; risk assessment; information systems; organizational models; management
URI
http://repositorio.ipen.br/handle/123456789/31576
Coleções
Eventos