By Topic

A Systems Dynamics View of Security Assurance Issues: "The Curse of Complexity and Avoiding Chaos"

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)

ISA 99 defines security assurance as the target level of security that corresponds to the effectiveness of countermeasures to thwart cyber attacks against industrial automation systems. ISA intends to provide a scale of target levels of security which asset owners can then use to establish a minimum set of operational requirements. Each set is designed to protect selected zones or conduits against access to and use of devices, systems and data. Sounds good, but the complexities of this approach are exposed when the mathematics of the proposed model are well understood. In this paper a notional time/event model is used to describe the temporal characteristics of security assurance and the need to account for time dynamics and event dynamics. Because of the complexities, the common approach is to implement defense-in-depth mechanisms. Using a systems dynamics model, this paper shows why such mechanisms may make matters worse by significantly degrading the security assurance level.

Published in:

System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on

Date of Conference:

5-8 Jan. 2009