Modeling Security Management of Information Systems: Analysis of a Ongoing Practical Case
How long could an organization survive without its information systems working efficiently? Frequent changes of the systems to protect, significant delays between efforts and results, the large amount of involved variables and the difficulty to measure some of them make security management a challenge for current companies. Simulation models provide a virtual environment that can help analyzing the dynamic balance between the affected key factors. These key factors include technical controls (software and hardware elements to protect the system), formal controls (procedures for guaranteeing an efficient use of technical controls) and security culture (human factors that affect the compliance of the designed procedures).