Nowadays our society is becoming increasingly dependent, economically and socially, on cyberspace, which includes physical network assets and software-based systems. However, cyberspace is exposed to numerous risks, and there is a constant threat of exploitable vulnerabilities, which could cause significant reputational and economic damage to companies. To address these increasing threats, the Italian National Cyber Security Framework was developed to offer a uniform approach to assessing cyber risks in organizations, as well as to help improve the related security through focused investments. Still, this evaluation is not a straightforward endeavor. Using the principles of the Systems Thinking paradigm, this work presents a way to put the self-assessment risk categories of the framework into causal relationship by associating them with the various aspects of reference inside a theoretical organizational structure (composed of business areas, processes, functions, and roles), hence deriving a systemic cause-effect relationship map capable of showing, at least qualitatively for this study, how a change in one or more categories drives changes in other ones as well.

Towards the Definition of a Dynamic/Systemic Assessment for Cyber Security Risks through a Systems Thinking Approach / Armenia, S.; Franco, E.; Nonino, F.; Spagnoli, E. - (2017), pp. 72-72. (Paper presented at the 61st ISSS Meeting and World Conference, held in Vienna, Austria).

Towards the Definition of a Dynamic/Systemic Assessment for Cyber Security Risks through a Systems Thinking Approach

Armenia S.; Franco E.; Nonino F.;
2017

61st ISSS Meeting and World Conference
04 Publication in conference proceedings::04d Abstract in conference proceedings
Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1172120