A Socio-technical Systems Approach to Design and Support Systems Thinking in Cybersecurity and Risk Management Education

Authors

  • Erjon Zoto Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Teknologivegen 22, 2815 Gjøvik https://orcid.org/0000-0001-9231-5437
  • Mazaher Kianpour Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Teknologivegen 22, 2815 Gjøvik
  • Stewart James Kowalski Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Teknologivegen 22, 2815 Gjøvik https://orcid.org/0000-0003-3601-8387
  • Edgar Alonso Lopez-Rojas Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Teknologivegen 22, 2815 Gjøvik https://orcid.org/0000-0002-9158-3488

DOI:

https://doi.org/10.7250/csimq.2019-18.04

Keywords:

Socio-technical Systems, Information Security, Systems Thinking, Adversarial Modeling, Agent-based Simulation, Risk Quantification

Abstract

Cybersecurity decisions are made across a range of social, technical, economic, regulatory and political domains. There is a gap between what companies and institutions plan to do while developing their internal IS-related policies and what should be done according to a multi-stakeholder system perspective in this area. Our task as researchers is to bridge this gap by offering potential solutions. The aim of our work is to promote the usage of the socio-technical systems (STS) approach to support the emerging role of systems thinking in cybersecurity education, using simulation as a supporting tool for learning. Meanwhile, new trends in cybersecurity curricula suggest an important shift toward new thinking approaches such as adversarial and systems thinking. We explored individuals’ adversarial and systems thinking skills in an open agent-based simulated environment and subsequently assessed the impact based on a participant survey. We discuss these results and point to directions for further investigation. The second contribution of the article is the provision of a tool for developing target users’ skills in making quantitative risk decisions and giving them a deeper understanding of the importance and use of key indices in the cyber risk management process.

Downloads

Published

29.04.2019

Issue

No. 18 (2019): Complex Systems Informatics and Modeling Quarterly

Section

Articles

License

Copyright (c) 2019 Erjon Zoto, Mazaher Kianpour, Stewart James Kowalski, Edgar Alonso Lopez-Rojas (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Zoto, E., Kianpour, M., Kowalski, S., & Lopez-Rojas, E. (2019). A Socio-technical Systems Approach to Design and Support Systems Thinking in Cybersecurity and Risk Management Education. Complex Systems Informatics and Modeling Quarterly, 18, 65-75. https://doi.org/10.7250/csimq.2019-18.04
Crossref
Scopus
Google Scholar
Europe PMC