von Kutzschenbach, Michael

Lade...
Profilbild
E-Mail-Adresse
Geburtsdatum
Projekt
Organisationseinheiten
Berufsbeschreibung
Nachname
von Kutzschenbach
Vorname
Michael
Name
von Kutzschenbach, Michael

Suchergebnisse

Gerade angezeigt 1 - 3 von 3
  • Publikation
    Decision-makers’ understanding of cyber-security’s systemic and dynamic complexity: insights from a board game for bank managers
    (MDPI, 2022) Zeijlemaker, Sander; Rouwette, Etiënne A. J. A.; Cunico, Giovanni; Armenia, Stefano; von Kutzschenbach, Michael [in: Systems]
    Cyber-security incidents show how difficult it is to make optimal strategic decisions in such a complex environment. Given that it is hard for researchers to observe organisations’ decisionmaking processes driving cyber-security strategy, we developed a board game that mimics this real-life environment and shows the challenges of decision-making. We observed cyber-security experts participating in the game. The results showed that decision-makers who performed poorly tended to employ heuristics, leading to fallacious decision approaches (overreaction strategies in place of proactive ones), and were not always aware of their poor performances. We advocate the need for decision support tools that capture this complex dynamic nature.
    01A - Beitrag in wissenschaftlicher Zeitschrift
  • Publikation
    Supply and service chain dynamics in a digital age. Going beyond the traditional usage of honeypot data
    (2021) von Kutzschenbach, Michael; Zeijlemaker, Sander
    The Beer Distribution Game Management Flight Simulator is a well-known approach to better understand the dynamics of supply chains and for teaching principles for effective management. Supply chain dynamics provides us with a lot of knowledge about the drivers for the bullwhip effect and levers to reduce this effect. In an increasingly digital world, the usage of information technology also reduces delays and improves the quality of information sharing. Both the increased dependency on information technology and introduction of new digital technological service concepts (like DAAS, PAAS, SAAS) intensify the potential of cyber risks to such chain. We believe this introduction to cyberspace evokes new game theory-like dilemmas with their own dynamic structure that may have an impact on the bullwhip effect. Our exploratory research focusses on a service chain. The basis of this paper is a modelling project where we have been able to combine honey pot data (external view / attacker view) with SD modelling techniques, including specific equations relevant to cyber-security. This combination provides us insights about the defenders’ strength and occurred incidents (internal view). Our application of honeypot data goes far beyond the regular intelligence gathering and scanning activities. This research highlighted that additional bullwhip effects, although differently observed, may occur in a service chain based on these new service concepts. We also noticed that sharing of security relevant information improves effective management in such chain. That is, early anticipation of the defender to limits the impact of cyber-attacks.
    06 - Präsentation
  • Publikation
    Cybersecurity dynamics in software development environment. What system traps do exist?
    (System dynamics society, 2020) Zeijlemaker, Sander; von Kutzschenbach, Michael [in: Proceedings of the 38th International Conference of the System Dynamics Society]
    Increasing dependency on information technology and an increasing number of cyber-attacks give rise to concerns about secure software development methods. Building system dynamics models we research and compare the structure underlying the behaviour relevant to security software developments for both agile and traditional software delivery methods. The difference between these models is related to the key characteristics of these methods, but not to the security aspects itself. Both dynamic models show similar structures to developing software and cybersecurity dynamics. Our study shows that network externalities may evoke the acceptance trap. The acceptance trap begins when insecure software is brought into production and is actively used, because if software is available, it can generate income, while further security development will cost more money. Insecure software means the software still contains vulnerabilities that can be exploited by cybercriminals in near future. In order to exploit these vulnerabilities cybercriminals will launch cyber attackers. In such situation there may be a contamination effect caused by successful attacks may evoke more cybercriminal activities. These ongoing cyber-attacks will have such an impact that more and more security improvements and incident responses are needed, which result in increasingly higher costs. As a result, less capacity will be available for future software development. The model structures suggest that more time and money spent on security testing and resolving vulnerabilities helps to avoid the acceptance trap. Similar conclusions have been formulated in the field of Internet of Things adaptation research. Further model quantification, validation, and policy evaluation should provide further insights and recommendations to resolve the acceptance trap.
    04B - Beitrag Konferenzschrift