TY - JOUR
T1 - Incorporating Systems Thinking into a Cyber Resilience Maturity Model
AU - Shaked, Avi
AU - Tabansky, Lior
AU - Reich, Yoram
N1 - Publisher Copyright:
© 1973-2011 IEEE.
PY - 2021/4/1
Y1 - 2021/4/1
N2 - Achieving cyber resilient critical infrastructure poses a significant engineering management challenge. Society relies on infrastructure and services that extend beyond the managerial boundaries of a specific organizational entity, yet existing cybersecurity maturity models typically aim to assess a single organization. We offer a systems thinking approach to cyber resilience. Specifically, we relate to critical infrastructure and services in their sectoral system context, reimagining them as a system of systems. We then suggest exploring cyber resilience as a system property, with its expressions relating to the multiple dimensions of operation of the sector and to the different domains of practice. We discuss the dimensions of operation and domains of practice concepts that are embedded into a sectoral cyber resilience maturity model, which is under development. We demonstrate how these concepts frame a set of expressions that is designed to probe the sectoral design space; and propose how they may be further used as design considerations for improving the sector's cyber resilience.
AB - Achieving cyber resilient critical infrastructure poses a significant engineering management challenge. Society relies on infrastructure and services that extend beyond the managerial boundaries of a specific organizational entity, yet existing cybersecurity maturity models typically aim to assess a single organization. We offer a systems thinking approach to cyber resilience. Specifically, we relate to critical infrastructure and services in their sectoral system context, reimagining them as a system of systems. We then suggest exploring cyber resilience as a system property, with its expressions relating to the multiple dimensions of operation of the sector and to the different domains of practice. We discuss the dimensions of operation and domains of practice concepts that are embedded into a sectoral cyber resilience maturity model, which is under development. We demonstrate how these concepts frame a set of expressions that is designed to probe the sectoral design space; and propose how they may be further used as design considerations for improving the sector's cyber resilience.
UR - http://www.scopus.com/inward/record.url?scp=85098773577&partnerID=8YFLogxK
U2 - 10.1109/EMR.2020.3046533
DO - 10.1109/EMR.2020.3046533
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85098773577
SN - 0360-8581
VL - 49
SP - 110
EP - 115
JO - IEEE Engineering Management Review
JF - IEEE Engineering Management Review
IS - 2
M1 - 9302574
ER -