Abstract
There is little doubt that the proper functioning of our modern society depends upon cyberspace, and that the continued growth in appetite for new technology and the potential benefits associated with it shows little sign of abating. Unfortunately the reality of modern information and communications systems involves a complex array of hardware, middleware, software, communications protocols and services, operated by a diverse set of stakeholders (users and providers each with a heterogeneous set of changing motives (including personal, enterprise, or societal gains). Everyday services that we take for granted often rely on complex interdependent systems, with the result that a seemingly unrelated failure in one of the subsystems, invisible to the service consumer, may lead to an all too visible collapse of the service that they expect. In the context of information and network risk management this complexity means that it is currently very difficult to predict how an organisation might be impacted by vulnerabilities being exploited or failures accidentally manifesting elsewhere in a system. Additionally, organisations responsible for subsystems are likely to evolve different risk-management cultures and practice, making their adoption and use of network and information risk controls (and consequences for other interdependent subsystems) difficult to predict.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
BS ISO/IEC 27000:2009. Information technology-Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC, Switzerland (July 2009)
Ross, et al.: Recommended security controls for federal information systems. NIST Special Publication 800-53, National Institute of Standards and Technology, Gaithersburg, MD, USA (December 2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Adetoye, A., Creese, S., Goldsmith, M., Hopkins, P. (2011). A Modelling Approach for Interdependency in Digital Systems-of-Systems Security - Extended Abstract. In: Xenakis, C., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2010. Lecture Notes in Computer Science, vol 6712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21694-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-21694-7_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21693-0
Online ISBN: 978-3-642-21694-7
eBook Packages: Computer ScienceComputer Science (R0)