Share This Article:

A Socio-Technical Approach to Cyber Risk Management and Impact Assessment

Abstract Full-Text HTML XML Download Download as PDF (Size:583KB) PP. 33-41
DOI: 10.4236/jis.2013.41005    3,693 Downloads   6,856 Views   Citations

ABSTRACT

Technology is increasingly being used by organisations to mediate social/business relationships and social/business transactions. While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the people and the technology within an organisations business/functional context. Thus in performing risk management in a cyber security and safety context, a detailed picture of the impact that a security/safety incident can have on an organisation is developed. This in turn stimulates a more holistic view of the effectiveness, and appropriateness, of a counter measure.

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

K. Charitoudi and A. Blyth, "A Socio-Technical Approach to Cyber Risk Management and Impact Assessment," Journal of Information Security, Vol. 4 No. 1, 2013, pp. 33-41. doi: 10.4236/jis.2013.41005.

References

[1] Lili Sun, R. P. Srivastava and T. J. Mock, “An Information Systems Security Risk Assessment Model under Dempster-Shafer Theory of Belief Functions,” Journal of Management Information Systems, Vol. 22, No. 4, 2006, pp. 109-142. doi:10.2753/MIS0742-1222220405
[2] Collaboration, “Socio-Technical Systems Engineering Handbook,” St. Andrews University, St Andrews, 2011.
[3] W. M. Fox, “Sociotechnical System Principles and Guidelines: Past and Present,” Journal of Applied Behavioral Science, Vol. 31, No. 1, 1995, pp. 91-105. doi:10.1177/0021886395311009
[4] E. Trist and K. Bamforth “Some Social and Psychological Consequences of the Longwall Method of Coal Getting,” Human Relations, Vol. 4, No. 1, 1951, pp. 3-38.
[5] G. Dewsbury and J. Dobson, “Responsibility and Dependable Systems,” Springer, Berlin, 2007.
[6] P. Periorellis and J. E. Dobson, “Organisational Failures in Dependable Collaborative Enterprise Systems,” Journal of Object Technology, Vol. 1, No. 3, 2002, pp. 107-117.
[7] B. Aubert, M. Patry and A. Rivard, “A Framework for Information Technology Outsourcing Risk Management,” ACM SIGMIS Database, New York, 2005.
[8] K. Padayschee, “An Interpretive Study of Software Risk Management Perspectives, SAICSIT’02,” Proceedings of the 2002 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, 2002, Port Elizabeth, pp. 118-127.
[9] H. W. Lewis, et al., “Risk Assessment Review Group Report to the U.S. Nuclear Regulatory Commission,” National Technical Information Service, Technical Report, Alexandria, 1978. doi:10.2172/6489792
[10] R. Carvajal, “Systemic Netfields: The Systems’ Paradigm Crises. Part I,” Human Relations, Vol. 36, No. 3, 1983, pp. 227-246. doi:10.1177/001872678303600302
[11] A. J. C. Blyth, “Enterprise Modelling and Its Application to Organisational Requirements, Capture and Definition,” Ph.D. Thesis, University of Newcastle, Newcastle, 1995.
[12] J. R. Searle, “Speech Acts: An Essay in the Philosophy of Languages,” Cambridge University Press, Cambridge, 1984.
[13] J. J. Thomson, “Acts and Other Events (Contemporary Philosophy Series), Cornell University Press, New York, 1977.
[14] R. Nederpelt and F. Kamareddine, “Logical Reasoning: A First Course,” College Publications, London, 2004.
[15] M. Blowfield and A. Murray, “Corporate Responsibility,” Oxford University Press, Oxford, 2011.
[16] K. Brand and H. Boonen, “IT Governance CobiT 4.1—A Management Guide,” 3rd Edition, Van Haren Publishing, Zaltbommel, 2008
[17] C Feltus, “Strengthening Employee’s Responsibility to Enhance Governance of IT: COBIT RACI Chart Case Study,” Proceedings of the First ACM Workshop on Information Security Governance, New York, 9-13 November 2009, pp. 23-32. doi:10.1145/1655168.1655174

  
comments powered by Disqus

Copyright © 2018 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.