Skip to Main Content
Networked information systems have not been restricted to closed organizations environments for more than a decade. They are now crucial in supporting operations of infrastructure, ranging from power plants to air-control systems. These networked information systems, essentially forming the current Internet, are thus highly sensitive kinds of infrastructure where security plays a central role. However, assuring their security has to address certain specific aspects with regard to risk management. This paper presents a new approach to support decision making in this complex area. It is based on a generic risk management model for distributed information systems that deploys system dynamics. Such an approach provides many advantages, like suitability for interdisciplinary use, providing a graphical view on the system structure and components relationships, real-time support for ldquowhat-ifrdquo scenarios, and the possibility for inclusion in automated decision support systems. It is especially suitable for education and risk awareness programs in organizations.
Date of Conference: 1-6 March 2009