http://www.dagstuhl.de/16461

November 13 – 18 , 2016, Dagstuhl Seminar 16461

Assessing ICT Security Risks in Socio-Technical Systems

Organizers

Tyler W. Moore (University of Tulsa, US)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)
Kai Rannenberg (Goethe-Universität Frankfurt am Main, DE)
Michel van Eeten (TU Delft, NL)

For support, please contact

Dagstuhl Service Team

Documents

List of Participants
Shared Documents
Dagstuhl Seminar Schedule [pdf]

Motivation

In this seminar we will investigate systematic methods and tools to estimate ICT security risks in socio-technical systems and their economic environment. In particular, we search for novel security risk assessment methods that integrate different types of socio-technical security metrics.

As we progress from classic mechanical or electrical production systems, over ICT systems, to socio-technical systems, risk assessment becomes increasingly complex and difficult. Risk assessment for traditional engineering systems assumes the systems to be deterministic. In non-deterministic systems, standard procedure is to fix those factors that are not deterministic. These techniques do not scale to ICT systems where many risks are hard to trace due to the immaterial nature of information. Beyond ICT systems, socio-technical systems also contain human actors as integral parts of the system. In such socio-technical systems there may occur unforeseen interactions between the system, the environment, and the human actors, especially insiders.

Assessing the risk of the ICT system for human actors is difficult; assessing the risk of the human actor for the ICT system is difficult, too. Both ways require an understanding of how to address issues in these systems in a systematic way. Building on the findings of the predecessor seminars on insider threats and security metrics, we will explore the embedding of human behavior and security metrics into methods to support risk assessment:

  • Security metrics provide approaches for measuring information security risk in a socio-technical context;
  • Economics provides techniques for measuring the impact of risks and the cost for identifying the risk;
  • Risk assessment provides approaches for identifying and quantifying relevant risks; and
  • Human factors provide approaches for understanding and explaining human behavior.

Seminar activities

In this seminar we plan to explore the following areas in inter-disciplinary working group sessions working on a joint scenario:

  • Definitions of socio-technical systems;
  • Relation between vulnerability, privacy, and economic metrics;
  • Contrast between data required and data available in practice for the development of effective risk assessment methods (tools);
  • Direct and indirect economic impact of implementing those methods; and
  • Methods and tools to make security metrics available for risk assessment in socio-technical systems.

Objectives, prospective outcomes

The topics outlined above are mutually dependent, and their relation is largely unexplored. By bringing together communities that work in the seminar area and its boundaries, we plan to continue the fruitful collaborations started in previous seminars of this series. Taking their findings to the next level will require identification of possible systematic developments for tool support of risk assessment in socio-technical attacks. We expect the seminar to initiate the discussion of these systematic developments, and to lead to new interdisciplinary project proposals on national and international level. During the seminar we will identify leaders for promising follow-up activities and publications, and will work with the involved participants on reaching these goals.

Related Dagstuhl Seminar

Classification

  • Modelling / Simulation
  • Security / Cryptology
  • Society / Human-computer Interaction

Keywords

  • Security risk management
  • Economics of risk assessment
  • Socio-technical security
  • Human factor
  • Return on security investment

Book exhibition

Books from the participants of the current Seminar 

Book exhibition in the library, ground floor, during the seminar week.

Documentation

In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.

 

Download overview leaflet (PDF).

Publications

Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.

NSF young researcher support