A Socio-technical Systems Approach to Design and Support Systems Thinking in Cybersecurity and Risk Management Education

Erjon Zoto, Mazaher Kianpour, Stewart James Kowalski, Edgar Alonso Lopez-Rojas


Cybersecurity decisions are made across a range of social, technical, economic, regulatory and political domains. There is a gap between what companies and institutions plan to do while developing their internal IS-related policies and what should be done according to a multi-stakeholder system perspective in this area. Our task as researchers is to bridge this gap by offering potential solutions. The aim of our work is to promote the usage of the socio-technical systems (STS) approach to support the emerging role of systems thinking in cybersecurity education, using simulation as a supporting tool for learning. Meanwhile, new trends in cybersecurity curricula suggest an important shift toward new thinking approaches such as adversarial and systems thinking. We explored individuals’ adversarial and systems thinking skills in an open agent-based simulated environment and subsequently assessed the impact based on a participant survey. We discuss these results and point to directions for further investigation. The second contribution of the article is the provision of a tool for developing target users’ skills in making quantitative risk decisions and giving them a deeper understanding of the importance and use of key indices in the cyber risk management process.


Socio-technical Systems; Information Security; Systems Thinking; Adversarial Modeling; Agent-based Simulation; Risk Quantification

Full Text:


DOI: 10.7250/csimq.2019-18.04


1. Leveraging human factors in cybersecurity: an integrated methodological approach
Alessandro Pollini, Tiziana C. Callari, Alessandra Tedeschi, Daniele Ruscio, Luca Save, Franco Chiarugi, Davide Guerri
Cognition, Technology & Work  vol: 24  issue: 2  first page: 371  year: 2022  
doi: 10.1007/s10111-021-00683-y


  • There are currently no refbacks.

Copyright (c) 2019 Complex Systems Informatics and Modeling Quarterly