Modelling the Enemies of an IT Security System - A Socio-Technical System Security Model

This paper presents a socio-technical security model for security systems that include both the system being defended and the attacking system. We first model security as a ratio or function of the states that an attacker can produce over the states that defend can control. We then sub divided the control states of a defending systems using the security value chain and socio technical system security model. The paper then presents two attempts to validate the acceptance of the defense model using cross culture surveys of individuals from over 20 different countries indicate culture variation in security modeling. An example of how an attacker can model an attack strategy is given at the end of the paper. The paper concludes with a discussion of how the modeling can be new research in modeling criminal organization using effective based operations methodology.