Modeling and Analysing Socio-Technical Systems

Zaruhi Aslanyan; Marieta G. Ivanova; Flemming Nielson; Christian W. Probst

Modeling and Analysing Socio-Technical Systems

Zaruhi Aslanyan, Marieta G. Ivanova, Flemming Nielson, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

18 Downloads (Pure)

Abstract

Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.

Original language	English
Title of host publication	1st International Workshop on Socio-Technical Perspective in IS development (STPIS)
Place of Publication	Aachen, Germany
Publisher	CEUR
Pages	121-124
Number of pages	4
Publication status	Published - 9 Jun 2015
Event	1st International Workshop on Socio-Technical Perspective in IS development, STPIS 2015 - Stockholm, Sweden Duration: 9 Jun 2015 → 9 Jun 2015 Conference number: 1

Publication series

Name	CEUR Workshop Proceedings
Publisher	CEUR-WS.org
Volume	1374
ISSN (Print)	1613-0073

Workshop

Workshop	1st International Workshop on Socio-Technical Perspective in IS development, STPIS 2015
Abbreviated title	STPIS
Country	Sweden
City	Stockholm
Period	9/06/15 → 9/06/15

Keywords

SCS-Cybersecurity
EC Grant Agreement nr.: FP7/318003
EC Grant Agreement nr.: FP7/2007-2013

Access to Document

Aslanyan2015modelling
open
Final published version, 643 KB

http://ceur-ws.org/Vol-1374/paper11.pdf

Fingerprint Dive into the research topics of 'Modeling and Analysing Socio-Technical Systems'. Together they form a unique fingerprint.

Cite this

Aslanyan, Z., Ivanova, M. G., Nielson, F., & Probst, C. W. (2015). Modeling and Analysing Socio-Technical Systems. In 1st International Workshop on Socio-Technical Perspective in IS development (STPIS) (pp. 121-124). (CEUR Workshop Proceedings; Vol. 1374). Aachen, Germany: CEUR.

@inproceedings{4ad347590fe34cfa9c2e5ca34d689dca,

title = "Modeling and Analysing Socio-Technical Systems",

abstract = "Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.",

keywords = "SCS-Cybersecurity, EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013",

author = "Zaruhi Aslanyan and Ivanova, {Marieta G.} and Flemming Nielson and Probst, {Christian W.}",

year = "2015",

month = "6",

day = "9",

language = "English",

series = "CEUR Workshop Proceedings",

publisher = "CEUR",

pages = "121--124",

booktitle = "1st International Workshop on Socio-Technical Perspective in IS development (STPIS)",

}

Aslanyan, Z, Ivanova, MG, Nielson, F & Probst, CW 2015, Modeling and Analysing Socio-Technical Systems. in 1st International Workshop on Socio-Technical Perspective in IS development (STPIS). CEUR Workshop Proceedings, vol. 1374, CEUR, Aachen, Germany, pp. 121-124, 1st International Workshop on Socio-Technical Perspective in IS development, STPIS 2015, Stockholm, Sweden, 9/06/15.

Modeling and Analysing Socio-Technical Systems. / Aslanyan, Zaruhi; Ivanova, Marieta G.; Nielson, Flemming; Probst, Christian W.

1st International Workshop on Socio-Technical Perspective in IS development (STPIS). Aachen, Germany : CEUR, 2015. p. 121-124 (CEUR Workshop Proceedings; Vol. 1374).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Modeling and Analysing Socio-Technical Systems

AU - Aslanyan, Zaruhi

AU - Ivanova, Marieta G.

AU - Nielson, Flemming

AU - Probst, Christian W.

PY - 2015/6/9

Y1 - 2015/6/9

N2 - Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.

AB - Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.

KW - SCS-Cybersecurity

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

M3 - Conference contribution

T3 - CEUR Workshop Proceedings

SP - 121

EP - 124

BT - 1st International Workshop on Socio-Technical Perspective in IS development (STPIS)

PB - CEUR

CY - Aachen, Germany

ER -