Bridging the gap between business and technology in strategic decision-making for cyber security management
KTH Royal Institute of Technology, Sweden.
KTH Royal Institute of Technology, Sweden.
KTH Royal Institute of Technology, Sweden.
RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory. ORCID iD: 0000-0003-2017-7914
2016 (English). In: PICMET 2016 - Portland International Conference on Management of Engineering and Technology: Technology Management For Social Innovation, Proceedings, 2016, p. 32-42, article id 7806663. Conference paper, Published paper (Refereed)
Abstract [en]

System architectures are getting more and more complex. Thus, making strategic decisions when it comes to managing systems is difficult and needs proper support. One arising issue that managers need to take into account when changing their technology is security. No business is spared from threats in today's connected society. The repercussions of not paying this enough attention could result in loss of money and in case of cyber physical systems, also human lives. Thus, system security has become a high-level management issue. There are various methods of assessing system security. A common method that allows partial automation is attack graph based security analysis. This particular method has many variations and wide tool support. However, a complex technical analysis like the attack graph based one needs experts to run it and interpret the results. In this paper we study what kind of strategic decisions that need the support of threat analysis and how to improve an attack graph based architecture threat assessment method to fit this task. The needs are gathered from experts working with security management and the approach is inspired by an enterprise architecture language called ArchiMate. The paper contains a working example. The proposed approach aims to bridge the gap between technical analysis and business analysis making system architectures easier to manage.

Place, publisher, year, edition, pages
2016. p. 32-42, article id 7806663
Keywords [en]
Computer architecture, Embedded systems, Graphic methods, Industrial management, Enterprise Architecture, Partial automation, Security management, Strategic decision making, Strategic decisions, System architectures, Technical analysis, Threat assessment, Decision making
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-29368
DOI: 10.1109/PICMET.2016.7806663
Scopus ID: 2-s2.0-85016211936
ISBN: 9781509035953 (print)
OAI: oai:DiVA.org:ri-29368
DiVA, id: diva2:1095639
Conference
2016 Portland International Conference on Management of Engineering and Technology (PICMET 2016), September 4-8, 2016, Honolulu, US
Available from: 2017-05-15. Created: 2017-05-15. Last updated: 2023-06-08. Bibliographically approved.


Authority records

Franke, Ulrik
