University of Oulu

Kupfersberger, V., Schaberreiter, T., Wills, C., Quirchmayr, G. & Röning, J. "Applying soft systems methodology to complex problem situations in critical infrastructures : the CS-AWARE case study" International Journal on Advances in Security, issn 1942-2636, vol. 11, no. 3 & 4, year 2018, 191:200, http://www.iariajournals.org/security/.

Applying soft systems methodology to complex problem situations in critical infrastructures : the CS-AWARE case study

Saved in:
Author: Kupfersberger, Veronika1; Schaberreiter, Thomas1; Wills, Chris2;
Organizations: 1Faculty of Computer Science, University of Vienna (Vienna, Austria)
2CARIS Research Ltd. (Fowey, United Kingdom)
3Faculty of Information Technology and Electrical Engineering, University of Oulu (Oulu, Finland)
Format: article
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 0.7 MB)
Persistent link: http://urn.fi/urn:nbn:fi-fe2019070522825
Language: English
Published: IARIA, 2018
Publish Date: 2019-07-05
Description:

Abstract

Modern technology, in addition to all its benefits, creates new threats and attack vectors to individuals and organisations. In the past years, the number of cyber attacks has increased drastically as has the extent of their effects. These circumstances clearly show that a different approach to cybersecurity is required: a holistic, collaborative strategy to improve the security situation for society and the economy as a whole. In the European Union, the legal framework that is currently developing (like the network and information security (NIS) directive), recognises the increasing need for cooperation and collaboration among individual actors to improve cybersecurity. Information sharing is therefore one of the key elements of the NIS directive. In this paper, we present and demonstrate a system and dependency analysis based on soft systems thinking. This approach is able to capture the relations between assets and their internal and external dependencies in the complex systems of organisations. It is applicable to critical infrastructures or other organisations that base their operations on complex systems and interactions. The analysis approach introduced is done in a socio-technological manner; the human aspect of the systems is considered as important as the technical or organisational aspects. The case study presented in this paper, covering the first steps towards the development of a holistic cybersecurity awareness solution, is based on three focus points: an initial threat assessment for local public administrations (LPAs), an analysis of external information sources and an analysis of the piloting scenarios based on the first round of soft systems analysis workshops. The results of which are essential to the development of the solutions implementation framework and further software development.

see all

Series: International journal on advances in security
ISSN-E: 1942-2636
Volume: 11
Issue: 3&4
Pages: 191 - 200
Type of Publication: A1 Journal article – refereed
Field of Science: 113 Computer and information sciences
Subjects:
Funding: We would like to thank the EU H2020 project CS-AWARE ("A cybersecurity situational awareness and information sharing solution for local public administrations based on advanced big data analysis", project number 740723) and the Austrian national KIRAS project CERBERUS ("Cross Sectoral Risk Management for Object Protection of Critical Infrastructures", project number 854766) for supporting this work. The Biomimetics and Intelligent Systems Group (BISG) would like to acknowledge the support of Infotech Oulu.
EU Grant Number: (740723) CS-AWARE - A cybersecurity situational awareness and information sharing solution for local public administrations based on advanced big data analysis
Copyright information: 2018, © Copyright by authors, Published under agreement with IARIA - www.iaria.org. Published in this repository with the kind permission of the publisher.