Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploits vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security prop...
International audienceThe increasing number of cyberattacks requires to incorporate security concern...
peer reviewedWe propose an operational framework for a social, technical and contextual analysis of ...
Security has been a growing concern for large organizations, especially financial and gov- ernmental...
Identification of threats to organisations and risk assessment often take into consideration the pur...
International audienceToday, most complex and large systems, such as healthcare systems, integrate t...
Social engineering attacks have drawn more and more attention from both academia and industry, due t...
International audienceDuring this last decade, there have been major improvements in technological a...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
This paper presents a socio-technical security model for security systems that include both the syst...
This report documents the program and the outcomes of Dagstuhl Seminar 16461 "Assessing ICT Security...
Recent initiatives that evaluate the security of physical systems with objects as assets and people ...
In the domain of Information security risk assessment really a complex decision-making process. Wher...
Recent initiatives that evaluate the security of physical systems with objects as assets and people ...
While many cyber security organizations urge the corporate world to use defence-in-depth to create v...
This research developed a methodology for the assessment of socio-technical information systems acce...
International audienceThe increasing number of cyberattacks requires to incorporate security concern...
peer reviewedWe propose an operational framework for a social, technical and contextual analysis of ...
Security has been a growing concern for large organizations, especially financial and gov- ernmental...
Identification of threats to organisations and risk assessment often take into consideration the pur...
International audienceToday, most complex and large systems, such as healthcare systems, integrate t...
Social engineering attacks have drawn more and more attention from both academia and industry, due t...
International audienceDuring this last decade, there have been major improvements in technological a...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
This paper presents a socio-technical security model for security systems that include both the syst...
This report documents the program and the outcomes of Dagstuhl Seminar 16461 "Assessing ICT Security...
Recent initiatives that evaluate the security of physical systems with objects as assets and people ...
In the domain of Information security risk assessment really a complex decision-making process. Wher...
Recent initiatives that evaluate the security of physical systems with objects as assets and people ...
While many cyber security organizations urge the corporate world to use defence-in-depth to create v...
This research developed a methodology for the assessment of socio-technical information systems acce...
International audienceThe increasing number of cyberattacks requires to incorporate security concern...
peer reviewedWe propose an operational framework for a social, technical and contextual analysis of ...
Security has been a growing concern for large organizations, especially financial and gov- ernmental...