System Dynamics as a Tool for Information Security

Many organizations are now so dependent on computer and computer-based Information Communication Technology (ICT) that disruptions may cause outcomes ranging from inconvenience to catastrophe. Information security has therefore gained increasing attention. Some people believe technology is the most effective way to secure the computer system. The investigation of incidents has led to an increasing awareness that a major part of security and safety problems is due to human factors. It is no longer technology that constrains the reliability of the systems. There is an emerging call for a holistic view that considers technology, human, and organization factors in managing information security risks. In this paper, we review the research and practices for information security since the 1960s. With the widespread use of computers and the Internet, a holistic and dynamic tool is needed We introduce System Dynamics (SD) as a tool for tackling the information security problem.