A systemic approach to information and cyber security

LEMOS, F.L.; BIANCHI, P.H.

A systemic approach to information and cyber security

Download

Data de publicação

2020

Autores IPEN

PAULO HENRIQUE BIANCHI

FRANCISCO LUIZ DE LEMOS

É parte de

INTERNATIONAL CONFERENCE ON NUCLEAR SECURITY

Exportar

Resumo

Design Based Threat, or DBT, is a common principle for physical and cyber protection, which is based on threat assessments. The protection, cyber or physical, will be planned based on the type of the identified threat. While we acknowledge the importance of the DBT, we argue that following this line of reasoning may limit our ability to grasp other vulnerabilities the system may have due to the following assumptions: a) The system will behave according to the way we think it should, based on a predetermined fashion. b) If each component of the system is reliable, then the system will be reliable. Systems theory assumes that accidents are a result of systemic factors, and does not have a single root-cause, generally a failure, that starts a chain of events leading to the accident. Moreover, systems theory assumes that security and safety are emergent properties of a system that result from the interactions between the components of that system. Therefore, accidents are a problem of control of the interactions between the components of the system rather than a problem of failures of components. In the systemic approach a cyber security system is treated as part of the whole socio-technical complex system, where humans are components of the system and interact with the computerized controls. The organizational culture permeates the entire system affecting decisions and, consequently, the interactions between the components. Weak safety and security cultures will eventually contribute for the system to migrate to hazardous states leading to losses or accidents. The paper analyzes the roles of organizational, safety and security cultures, as underlying factors that can lead to the deterioration of the hierarchical control structure, which is supposed to keep the interactions between the components of the system within desirable constraints.

Como referenciar

LEMOS, F.L.; BIANCHI, P.H. A systemic approach to information and cyber security. In: INTERNATIONAL CONFERENCE ON NUCLEAR SECURITY, February 10-14, 2020, Vienna, Austria. Proceedings... p. 1-6. Disponível em: http://repositorio.ipen.br/handle/123456789/31576. Acesso em: 24 Mar 2026.

Esta referência é gerada automaticamente de acordo com as normas do estilo IPEN/SP (ABNT NBR 6023) e recomenda-se uma verificação final e ajustes caso necessário.

Assuntos

cybernetics; security; risk assessment; information systems; organizational models; management

URI

http://repositorio.ipen.br/handle/123456789/31576

Coleções

Eventos

Página do item completo