Modeling and simulating information security management

  • Authors: Jose M. Sarriegi; Javier Santos; Jose M. Torres; David Imizcoz; Elyoenai Egozcue; Daniel Liberal

  • Affiliations: Tecnun (University of Navarra); Tecnun (University of Navarra); Tecnun (University of Navarra); s21sec; s21sec; s21sec

  • Venue: CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security

  • Year: 2007

Abstract

Security Management is a complex task. It requires several interconnected activities: designing, implementing and maintaining a robust technical infrastructure, developing suitable formal procedures and building a widespread, agreed-upon security culture. Thus, security managers have to balance and integrate all these activities simultaneously, which involves short and long-term effects and risks. For this reason, security managers need to correctly understand, achieve and maintain a dynamic equilibrium between all of them. The development of a simulation model can be an efficient approach towards this objective, as it involves making explicit key factors in security management and their interconnections to efficiently reduce organizational security risks. This endogenous perspective of the problem can help managers to design and implement more effective policies. This paper presents a methodology for developing simulation models for information security management. The use of this methodology is illustrated through examples.