{"title":"迈向资讯保安风险管理的系统方法","authors":"Y. Naudet, Nicolas Mayer, C. Feltus","doi":"10.1109/ARES.2016.76","DOIUrl":null,"url":null,"abstract":"Risk management in the field of information security is most often handled individually by enterprises, taking only a limited view on the influential factors coming from their providers, clients or more globally from their environment. This approach becomes less appropriate in the case of networked enterprises, which tend to form ecosystems with complex influence links. A more holistic approach is needed to take these into account, leading to systemic risk management, i.e. risk management on the entire system formed by the networked enterprises, to avoid perturbations of the ecosystem due to local, individual, decision-making. In this paper, we propose a new meta-model for Information System Security Risk Management (ISSRM), comprising systemic elements as defined in the General Systems Theory. We discuss the design of this new model, highlighting in particular how risk management can be related to a problem-solving approach and the important concepts that are instantiated when taking a systemic approach to ISSRM.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Towards a Systemic Approach for Information Security Risk Management\",\"authors\":\"Y. Naudet, Nicolas Mayer, C. Feltus\",\"doi\":\"10.1109/ARES.2016.76\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Risk management in the field of information security is most often handled individually by enterprises, taking only a limited view on the influential factors coming from their providers, clients or more globally from their environment. This approach becomes less appropriate in the case of networked enterprises, which tend to form ecosystems with complex influence links. A more holistic approach is needed to take these into account, leading to systemic risk management, i.e. risk management on the entire system formed by the networked enterprises, to avoid perturbations of the ecosystem due to local, individual, decision-making. In this paper, we propose a new meta-model for Information System Security Risk Management (ISSRM), comprising systemic elements as defined in the General Systems Theory. We discuss the design of this new model, highlighting in particular how risk management can be related to a problem-solving approach and the important concepts that are instantiated when taking a systemic approach to ISSRM.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.76\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.76","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards a Systemic Approach for Information Security Risk Management
Risk management in the field of information security is most often handled individually by enterprises, taking only a limited view on the influential factors coming from their providers, clients or more globally from their environment. This approach becomes less appropriate in the case of networked enterprises, which tend to form ecosystems with complex influence links. A more holistic approach is needed to take these into account, leading to systemic risk management, i.e. risk management on the entire system formed by the networked enterprises, to avoid perturbations of the ecosystem due to local, individual, decision-making. In this paper, we propose a new meta-model for Information System Security Risk Management (ISSRM), comprising systemic elements as defined in the General Systems Theory. We discuss the design of this new model, highlighting in particular how risk management can be related to a problem-solving approach and the important concepts that are instantiated when taking a systemic approach to ISSRM.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
