#ISSS2017 Vienna has ended

Tuesday, July 11 • 14:00 - 14:30
3112 Towards the Definition of a Dynamic/Systemic Assessment for Cyber Security Risks through a Systems Thinking Approach

Log in to save this to your schedule and see who's attending!

Feedback form is now closed.

Armenia, Stefano; Ferreira Franco, Eduardo; Nonino, Fabio; Spagnol,i Emanuele

Stefano Armenia, Università degli Studi di Roma “La Sapienza”

Eduardo Ferreira Franco, Escola Politécnica of University of São Paulo

Fabio Nonino, Università degli Studi di Roma “La Sapienza”

Emanuele Spagnoli, PricewaterhouseCoopers

Nowadays our society is increasingly becoming economic and social dependent on the cyberspace, which includes physical network assets and software based systems. However, the cyberspace is exposed to numerous risks, and there is a constant threat of exploitable vulnerabilities, which could cause significant reputational and economic damages to the companies. For addressing these increasing threats, the Italian National Cyber Security Framework was developed to offer a uniform approach to assessing cyber risks into organizations, as well as to help improve the related security through focused investments. Still, this evaluation is not a straightforward endeavor. Using the principles of the Systems Thinking paradigm, this work presents a way to put into causal relationship the self-assessment risk-categories of the framework by associating them to the various aspects of reference inside a theoretical organizational structure (composed of business areas, process, functions, and roles), hence deriving a systemic causal-effect relationship map capable of evidencing, at least qualitatively for this study, how a change in one or more categories is driving changes also into other ones.

Keywords: National Cyber Security Framework; Cyber-security Risks; System thinking.


Stefano Armenia

Università degli Studi di Roma “La Sapienza”
avatar for Emanuele Spagnoli

Emanuele Spagnoli

Associate - Cybersecurity, PricewaterhouseCoopers

Tuesday July 11, 2017 14:00 - 14:30
2nd Floor, Room SR 125, Institut für Computertechnik,TU Wien Gußhausstraße 27-29, 1040 Wien, Austria

Attendees (3)