Cybersecurity dynamics in software development environment. What system traps do exist?
Vorschaubild nicht verfügbar
Autor:innen
Zeijlemaker, Sander
Autor:in (Körperschaft)
Publikationsdatum
2020
Typ der Arbeit
Studiengang
Sammlung
Typ
04B - Beitrag Konferenzschrift
Herausgeber:innen
Herausgeber:in (Körperschaft)
Betreuer:in
Übergeordnetes Werk
Proceedings of the 38th International Conference of the System Dynamics Society
Themenheft
DOI der Originalpublikation
Link
Reihe / Serie
Reihennummer
Jahrgang / Band
Ausgabe / Nummer
Seiten / Dauer
Patentnummer
Verlag / Herausgebende Institution
System dynamics society
Verlagsort / Veranstaltungsort
Online
Auflage
Version
Programmiersprache
Abtretungsempfänger:in
Praxispartner:in/Auftraggeber:in
Zusammenfassung
Increasing dependency on information technology and an increasing number of cyber-attacks give rise to concerns about secure software development methods. Building system dynamics models we research and compare the structure underlying the behaviour relevant to security software developments for both agile and traditional software delivery methods. The difference between these models is related to the key characteristics of these methods, but not to the security aspects itself. Both dynamic models show similar structures to developing software and cybersecurity dynamics. Our study shows that network externalities may evoke the acceptance trap. The acceptance trap begins when insecure software is brought into production and is actively used, because if software is available, it can generate income, while further security development will cost more money. Insecure software means the software still contains vulnerabilities that can be exploited by cybercriminals in near future. In order to exploit these vulnerabilities cybercriminals will launch cyber attackers. In such situation there may be a contamination effect caused by successful attacks may evoke more cybercriminal activities. These ongoing cyber-attacks will have such an impact that more and more security improvements and incident responses are needed, which result in increasingly higher costs. As a result, less capacity will be available for future software development. The model structures suggest that more time and money spent on security testing and resolving vulnerabilities helps to avoid the acceptance trap. Similar conclusions have been formulated in the field of Internet of Things adaptation research. Further model quantification, validation, and policy evaluation should provide further insights and recommendations to resolve the acceptance trap.
Schlagwörter
Fachgebiet (DDC)
330 - Wirtschaft
Veranstaltung
38th international conference of the system dynamics society
Startdatum der Ausstellung
Enddatum der Ausstellung
Startdatum der Konferenz
19.07.2020
Enddatum der Konferenz
24.07.2020
Datum der letzten Prüfung
ISBN
978-1-7138-2021-5
ISSN
Sprache
Englisch
Während FHNW Zugehörigkeit erstellt
Ja
Publikationsstatus
Veröffentlicht
Begutachtung
Peer-Review der ganzen Publikation
Open Access-Status
Closed
Lizenz
Zitation
ZEIJLEMAKER, Sander und Michael VON KUTZSCHENBACH, 2020. Cybersecurity dynamics in software development environment. What system traps do exist? In: Proceedings of the 38th International Conference of the System Dynamics Society. Online: System dynamics society. 2020. ISBN 978-1-7138-2021-5. Verfügbar unter: https://irf.fhnw.ch/handle/11654/43073