Modeling and Analysing Socio-Technical Systems
|Title||Modeling and Analysing Socio-Technical Systems|
|Publication Type||Conference Paper|
|Year of Publication||2015|
|Authors||Aslanyan Z., Ivanova M.G, Nielson F., Probst C.W|
|Conference Name||1st International Workshop on Socio-Technical Perspective in IS development (STPIS), Stockholm, Sweden|
Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An in- creasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineer- ing. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk as- sessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach sim- plifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.