Externalizing Behaviour for Analysing System Models

Marieta Georgieva Ivanova; Christian W. Probst; René Rydhof Hansen; Florian Kammüller

Externalizing Behaviour for Analysing System Models

Marieta Georgieva Ivanova, Christian W. Probst, René Rydhof Hansen, Florian Kammüller

Research output: Contribution to journal › Article › Academic › peer-review

27 Downloads (Pure)

Abstract

Systems models have recently been introduced to model organisationsandevaluate their vulnerability to threats and especially insiderthreats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, manyattacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

Original language	English
Pages (from-to)	52-62
Number of pages	11
Journal	Journal of internet services and information security
Volume	3
Issue number	3/4
Publication status	Published - Nov 2013

Keywords

EC Grant Agreement nr.: FP7/2007-2013
EC Grant Agreement nr.: FP7/318003

Access to Document

Ivanova2013externalizingFinal published version, 951 KB

http://isyou.info/jisis/vol3/no34/5.htm

Cite this

@article{e8375e0ecc784878b8961b5faa7490d8,

title = "Externalizing Behaviour for Analysing System Models",

abstract = "Systems models have recently been introduced to model organisationsandevaluate their vulnerability to threats and especially insiderthreats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, manyattacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.",

keywords = "EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003",

author = "Ivanova, {Marieta Georgieva} and Probst, {Christian W.} and Hansen, {Ren{\'e} Rydhof} and Florian Kamm{\"u}ller",

year = "2013",

month = nov,

language = "English",

volume = "3",

pages = "52--62",

journal = "Journal of internet services and information security",

issn = "2182-2069",

publisher = "Innovative Information Science and Technology Research Group",

number = "3/4",

}

TY - JOUR

T1 - Externalizing Behaviour for Analysing System Models

AU - Ivanova, Marieta Georgieva

AU - Probst, Christian W.

AU - Hansen, René Rydhof

AU - Kammüller, Florian

PY - 2013/11

Y1 - 2013/11

N2 - Systems models have recently been introduced to model organisationsandevaluate their vulnerability to threats and especially insiderthreats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, manyattacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

AB - Systems models have recently been introduced to model organisationsandevaluate their vulnerability to threats and especially insiderthreats. Especially for the latter these models are very suitable, since insiders can be assumed to have more knowledge about the attacked organisation than outside attackers. Therefore, manyattacks are considerably easier to be performed for insiders than for outsiders. However, current models do not support explicit specification of different behaviours. Instead, behaviour is deeply embedded in the analyses supported by the models, meaning that it is a complex, if not impossible task to change behaviours. Especially when considering social engineering or the human factor in general, the ability to use different kinds of behaviours is essential. In this work we present an approach to make the behaviour a separate component in system models, and explore how to integrate in existing models.

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/318003

M3 - Article

SN - 2182-2069

VL - 3

SP - 52

EP - 62

JO - Journal of internet services and information security

JF - Journal of internet services and information security

IS - 3/4

ER -

Externalizing Behaviour for Analysing System Models

Abstract

Keywords

Access to Document

Fingerprint

Cite this