A Study of Information Security Practice in a Critical Infrastructure Application
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
CRITIS'10 Proceedings of the 5th international conference on Critical Information Infrastructures Security
Understanding insiders: An analysis of risk-taking behavior
Information Systems Frontiers
| Hi-index | 0.00 |
Incident management systems have the potential to improve security dramatically but often experience problems stemming from organizational, interpersonal and social constraints that limit their effectiveness. These limits may cause underreporting of incidents, leading to erroneous perceptions of the actual safety and security situation of the organization. The true security situation may be better understood and underreporting may be reduced if underlying systemic issues surrounding security incident management are taken into account. A dynamic simulation, based on the parallel experience of industrial incident management systems, illustrates the cumulative effects of rewards, learning, and retributions on the fate of a hypothetical knowledge management system designed to collect information about events and incidents. Simulation studies are part of an ongoing research project to develop sustainable knowledge and knowledge transfer tools that support the development of a security culture.