Cybersecurity dynamics in software development environment. What system traps do exist?

dc.contributor.authorZeijlemaker, Sander
dc.contributor.authorvon Kutzschenbach, Michael
dc.date.accessioned2024-04-24T06:20:40Z
dc.date.available2024-04-24T06:20:40Z
dc.date.issued2020
dc.description.abstractIncreasing dependency on information technology and an increasing number of cyber-attacks give rise to concerns about secure software development methods. Building system dynamics models we research and compare the structure underlying the behaviour relevant to security software developments for both agile and traditional software delivery methods. The difference between these models is related to the key characteristics of these methods, but not to the security aspects itself. Both dynamic models show similar structures to developing software and cybersecurity dynamics. Our study shows that network externalities may evoke the acceptance trap. The acceptance trap begins when insecure software is brought into production and is actively used, because if software is available, it can generate income, while further security development will cost more money. Insecure software means the software still contains vulnerabilities that can be exploited by cybercriminals in near future. In order to exploit these vulnerabilities cybercriminals will launch cyber attackers. In such situation there may be a contamination effect caused by successful attacks may evoke more cybercriminal activities. These ongoing cyber-attacks will have such an impact that more and more security improvements and incident responses are needed, which result in increasingly higher costs. As a result, less capacity will be available for future software development. The model structures suggest that more time and money spent on security testing and resolving vulnerabilities helps to avoid the acceptance trap. Similar conclusions have been formulated in the field of Internet of Things adaptation research. Further model quantification, validation, and policy evaluation should provide further insights and recommendations to resolve the acceptance trap.
dc.event38th international conference of the system dynamics society
dc.event.end2020-07-24
dc.event.start2020-07-19
dc.identifier.isbn978-1-7138-2021-5
dc.identifier.urihttps://irf.fhnw.ch/handle/11654/43073
dc.language.isoen
dc.publisherSystem dynamics society
dc.relation.ispartofProceedings of the 38th International Conference of the System Dynamics Society
dc.spatialOnline
dc.subject.ddc330 - Wirtschaft
dc.titleCybersecurity dynamics in software development environment. What system traps do exist?
dc.type04B - Beitrag Konferenzschrift
dspace.entity.typePublication
fhnw.InventedHereYes
fhnw.ReviewTypeAnonymous ex ante peer review of a complete publication
fhnw.affiliation.hochschuleHochschule für Wirtschaftde_CH
fhnw.affiliation.institutInstitut für Unternehmensführungde_CH
fhnw.openAccessCategoryClosed
fhnw.publicationStatePublished
relation.isAuthorOfPublicationeb99e39c-5f93-42fe-a5be-1f59ae5188f8
relation.isAuthorOfPublication.latestForDiscoveryeb99e39c-5f93-42fe-a5be-1f59ae5188f8
Dateien
Lizenzbündel
Gerade angezeigt 1 - 1 von 1
Lade...
Vorschaubild
Name:
license.txt
Größe:
1.36 KB
Format:
Item-specific license agreed upon to submission
Beschreibung: