Modeling and Analysing Socio-Technical Systems
Title | Modeling and Analysing Socio-Technical Systems |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Aslanyan Z., Ivanova M.G, Nielson F., Probst C.W |
Conference Name | 1st International Workshop on Socio-Technical Perspective in IS development (STPIS), Stockholm, Sweden |
Date Published | June |
Publisher | CEUR |
Abstract | Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An in- creasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineer- ing. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk as- sessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach sim- plifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact. |
URL | http://ceur-ws.org/Vol-1374/paper11.pdf |