Having completed the course, the students will be able to:
- Understand the dynamics challenges to implement security standards (the ISO 27000 family) in organizations
- Analyze security management challenges as a systemic problem involving technology, organization, human factors and incentives
- Create causal maps and develop models of dynamic systems of moderate size of relevance for information security
- Verify and validate the models, simulate scenarios and test policies.
- Assess which policies are good and bad, which are robust and whether they are realistic.
- Understand challenges that are due to dynamic complexity, such as policy resistance, i.e. the tendency for complex dynamic systems to react in a way that defeats well-meant policies that do not consider unintended side effects.
- Foundations – Security standards from the perspective of change and dynamics
- Introduction to qualitative system dynamics: Causal loop diagrams; System archetypes
- Modelling security management dynamics using system archetypes and causal loop diagrams
- Introduction to quantitative system dynamics: Causal structure and dynamic behaviour. Introduction to stocks and flows. Time delays.
- Basic system dynamics models of security management.
Pedagogiske metoder (fritekst)
Web-enabled course with forum
Vurdering av prosjekt(er)
- Two multiple choice exams counting each 15%
- Two individual projects (papers) counting each 35%
Each part must be individually approved of
Bokstavkarakterer, A (best) - F (ikke bestått)
Evaluated by the lecturer
Utsatt eksamen (tidl. kontinuasjon)
The whole course must be repeated.
The course requires active participation in projects – both in class and outside class.
Hands-on modelling exercises during class are best carried out in computer lab.
Students are encouraged to bring laptops to the classroom.
Maani, Kambiz E.; Cavana, Robert Y. Systems Thinking And Modelling. Pearson Education. 9781877371035.
Lectures, exercises and projects by Jose J. Gonzalez in Classfronter