信息安全的系统理论过程分析:以adhaar为例

IF 2 4区管理学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Organizational Computing and Electronic Commerce Pub Date : 2019-07-03 DOI:10.1080/10919392.2019.1598608

P. Tarafdar, I. Bose

{"title":"信息安全的系统理论过程分析:以adhaar为例","authors":"P. Tarafdar, I. Bose","doi":"10.1080/10919392.2019.1598608","DOIUrl":null,"url":null,"abstract":"ABSTRACT A new way of thinking about cybersecurity is much needed to deal with the complex and dynamic cyber-ecosystem. In this paper, we introduce a systems thinking based approach for solving problems related to cybersecurity. We adapt the powerful safety-hazard analysis method, Systems Theoretic Process Analysis (STPA) based on systems theory to analyze the cybersecurity related features of India’s massive digital identity program, Aadhaar. Our findings produce important insights. On one hand, it helps identify the security gaps of the Aadhaar system, and on the other hand, it provides controls using systems thinking to overcome these gaps. We contribute to understanding the world of cybersecurity practices and develop risk mitigation strategies that can benefit the Aadhaar.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"29 1","pages":"209 - 222"},"PeriodicalIF":2.0000,"publicationDate":"2019-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10919392.2019.1598608","citationCount":"7","resultStr":"{\"title\":\"Systems theoretic process analysis of information security: the case of aadhaar\",\"authors\":\"P. Tarafdar, I. Bose\",\"doi\":\"10.1080/10919392.2019.1598608\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT A new way of thinking about cybersecurity is much needed to deal with the complex and dynamic cyber-ecosystem. In this paper, we introduce a systems thinking based approach for solving problems related to cybersecurity. We adapt the powerful safety-hazard analysis method, Systems Theoretic Process Analysis (STPA) based on systems theory to analyze the cybersecurity related features of India’s massive digital identity program, Aadhaar. Our findings produce important insights. On one hand, it helps identify the security gaps of the Aadhaar system, and on the other hand, it provides controls using systems thinking to overcome these gaps. We contribute to understanding the world of cybersecurity practices and develop risk mitigation strategies that can benefit the Aadhaar.\",\"PeriodicalId\":54777,\"journal\":{\"name\":\"Journal of Organizational Computing and Electronic Commerce\",\"volume\":\"29 1\",\"pages\":\"209 - 222\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2019-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1080/10919392.2019.1598608\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Organizational Computing and Electronic Commerce\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1080/10919392.2019.1598608\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2019.1598608","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 7

摘要

面对复杂、动态的网络生态系统，迫切需要一种新的网络安全思维方式。在本文中，我们介绍了一种基于系统思维的方法来解决与网络安全相关的问题。我们采用基于系统理论的强大的安全危害分析方法，系统理论过程分析(STPA)，来分析印度大规模数字身份计划Aadhaar的网络安全相关特征。我们的发现产生了重要的见解。一方面，它有助于识别Aadhaar系统的安全漏洞，另一方面，它提供了使用系统思维来克服这些漏洞的控制。我们致力于了解网络安全实践的世界，并制定有利于Aadhaar的风险缓解策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Systems theoretic process analysis of information security: the case of aadhaar

ABSTRACT A new way of thinking about cybersecurity is much needed to deal with the complex and dynamic cyber-ecosystem. In this paper, we introduce a systems thinking based approach for solving problems related to cybersecurity. We adapt the powerful safety-hazard analysis method, Systems Theoretic Process Analysis (STPA) based on systems theory to analyze the cybersecurity related features of India’s massive digital identity program, Aadhaar. Our findings produce important insights. On one hand, it helps identify the security gaps of the Aadhaar system, and on the other hand, it provides controls using systems thinking to overcome these gaps. We contribute to understanding the world of cybersecurity practices and develop risk mitigation strategies that can benefit the Aadhaar.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Organizational Computing and Electronic Commerce 工程技术-计算机：跨学科应用

CiteScore

5.80

自引率

17.20%

发文量

审稿时长

>12 weeks

期刊介绍： The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.