Paper Type
Complete
Abstract
Governing and overseeing cyber security strategy is an extremely important precondition to sustainable business continuity. This applies to all IT-reliant enterprises and especially critical infrastructure. However, the inevitability of human behavioral limitations, imperfections in security-boosting technology, and adversarial evolution guarantee that businesses will regularly face cyber threats. Managing this complex dynamic nature of the modern cybersecurity landscape requires a different toolset. In our anonymized critical infrastructure case study – a financial Fortune 500 organization – we augmented a cyber risk management approach with a System Dynamics approach to simulate future performance for the current cyber security strategy. We compared our results with their current reporting structure. Unlike this reporting structure, our simulation results were able to provide early warnings about future strategy failure, estimate the ‘shelf time’ of this strategy, identify multiple failing security measures (lapses in control), and foresee potential breach impacts.
Paper Number
1250
Recommended Citation
Zeijlemaker, Sander; Pal, Ranjan; and Siegel, Michael, "Strengthening Managerial Foresight to Defeat Cyber Threats" (2024). AMCIS 2024 Proceedings. 18.
https://aisel.aisnet.org/amcis2024/security/security/18
Strengthening Managerial Foresight to Defeat Cyber Threats
Comments
SIGSEC