Using systems dynamics for human resources management in information systems security
Abstract
Purpose
To enable quantitative and qualitative modelling of information systems security management that takes into account technology and human factor.
Design/methodology/approach
The approach is based on systems dynamics and it is done in two phases. In the first phase two basic qualitative models are developed, while in the second phase a possibility to further develop them into quantitative models is studied.
Findings
Appropriate approach to IS security management requires addressing “hard” and “soft” factors. Further, to enable quantitative study of such systems, which are highly non‐linear, exact analytical (mathematically rigorous) treatment is close to impossible. Thus, computer simulations have to be used. One appropriate methodological answer to the above requirements is systems (business) dynamics.
Research limitations/implications
Research limitations are partially related to system dynamics, which operates on an aggregates level. This prevents or makes harder study of phenomena at the micro level, from where the above‐mentioned aggregates emerge. Further, many sub‐areas need further standardisation to enable more realistic simulations – one such case is security policy standardisation and quantification. Similar holds true for threats/vulnerabilities and related taxonomies.
Practical implications
The research presents one of first steps in the direction that could provide quantitative models for effective IS security policy management in organisations.
Originality/value
The research presents two models, one for risk management and the other, which is a generic model that identifies basic variables that have to be addressed for IS security management. Further, findings can be used for security awareness courses.
Keywords
Citation
Trček, D. (2006), "Using systems dynamics for human resources management in information systems security", Kybernetes, Vol. 35 No. 7/8, pp. 1014-1023. https://doi.org/10.1108/03684920610675067
Publisher
:Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited