Abstract
Public decision makers are faced with the great challenge of detecting and identifying future risks. This concerns especially the field of national security. Decision makers must be able to identify threats in order to react to them adequately and so reduce risks. For this reason, a general risk management support guideline for public decision makers is developed which focuses on national security. The objective of the framework is to identify future risks and to analyze and evaluate them, so that concrete actions can be taken to tackle the threats. The risk management framework is based on the core of the ISO 31000 risk management standard and guides the decision maker stepwise through the complex process. To this end, several potential techniques and tools are combined in order to gain an overall picture of several scenarios. A collaboration of subject matter experts from several disciplines constitutes an important part of the process.
Notes
The notation follows the ISO 31000 standard.
The example is based upon an occurrence in 2010, see Schöhnbohm (2011).
References
Aalst WVD, van Hee KM (2002) Workflow management. Models, methods, and systems. Cooperative information systems. MIT Press, Cambridge
Adamic L, Huberman B (2000) Power-law distribution of the world wide web. Science 287:2115a
Aggestam L (2006) Learning organization or knowledge management—which came first, the chicken or the egg? Inf Technol Control 35(3A):295–302
Amanatidou E, Butter M, Carabias V, Könnölä T, Leis M, Saritas O, Schaper-Rinkel P, van Rij V (2012) On concepts and methods in horizon scanning: lessons from initiating policy dialogues on emerging issues. Sci Public Policy 39(2):208–221
Andress J, Winterfeld S (2014) Cyber warfare: techniques, tactics and tools for security practitioners, 2nd edn. Elsevier, Syngress
Barabási AL, Oltvai ZN (2004) Network biology: understanding the cell’s functional organization. Nat Rev Genet 5(2):101–113
Barth R, Meyer-Nieberg S, Pickl S, Schuler M, Wellbrink J (2012) A toolbox for operational analysis. In: Proceedings of the 2012 symposium on emerging applications of M&S in industry and academia symposium, Society for Computer Simulation International, San Diego, CA, EAIA’12, pp 3:1–3:8. http://dl.acm.org/citation.cfm?id=2338790.2338793
Bodrow W (2006) Knowledge management in small and medium-sized enterprises. In: Wang K, Kovacs G, Wozny M, Fang M (eds) Knowledge enterprise: intelligent strategies in product design, manufacturing, and management, IFIP International Federation for Information Processing, vol 207. Springer, Boston, pp 41–53. doi:10.1007/0-387-34403-9_5
Bonchev D (1983) Information theoretic indices for characterization of chemical structures. Research Studies Press, Chichester
Bonchev D (1995) Topological order in molecules 1. Molecular branching revisited. J Mol Struct 336(2–3):137–156
Bundesamt für Sicherheit in der Informationstechnik (2013) ICS-Security-Kompendium. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ICS/ICS-Security_kompendium_pdf.pdf?_blob=publicationFile
Bundesministerium des Innern (2009) Nationale Strategie zum Schutz Kritischer Infrastrukturen (KRITIS-Strategie). http://www.bmi.bund.de/cae/servlet/contentblob/544770/publicationFile/27031/kritis.pdf
Bundesministerium des Innern (2011) Cyber-Sicherheitsstrategie für Deutschland. Technical report, Bundesministerium des Innern. http://www.bmi.bund.de/DE/Themen/IT-Netzpolitik/IT-Cybersicherheit/Cybersicherheitsstrategie/cybersicherheitsstrategie_node.html
Bunke H (2000) Graph matching: theoretical foundations, algorithms, and applications. Proc Vis Interface 2000:82–88
Caralli RA, Stevens JF, Young LR, Wilson WR (2007) Introducing OCTAVE allegro: improving the information security risk assessment process. Technical Report CMU/SEI-2007-TR-012, Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8419. Accessed on 13 Nov 2014
Carneiro HA, Mylonakis E (2009) Google trends: a web-based tool for real-time surveillance of disease outbreaks. Clin Infect Dis 49(10):1557–1564
Chakrabarti S (2002) Mining the web: discovering knowledge from hypertext data. Morgan Kaufmann, San Francisco
Chauke Nehme C, de Miranda Santos M, Fellows Filho L, Massari Coelho G (2012) Challenges in communicating the outcomes of a foresight study to advise decision-makers on policy and strategy. Sci Public Policy. doi:10.1093/scipol/scs015
Choi H, Varian H (2012) Predicting the present with Google trends. Econ Rec 88(1):2–9
Dehmer M (2006) Strukturelle analyse web-basierter dokumente. Multimedia und Telekooperation. Deutscher Universitäts Verlag, Wiesbaden
Dehmer M (2008) Information processing in complex networks: graph entropy and information functionals. Appl Math Comput 201:82–94
Dehmer M, Emmert-Streib F (2014) Quantitative graph theory, theory and applications. CRC Press, Boca Raton
Dehmer M, Emmert-Streib F, Graber A, Salvador A (eds) (2011) Applied statistics for network biology. Quantitative and network biology. Wiley-Blackwell, New York
Dehmer M, Grabner M, Varmuza K (2012) Information indices with high discriminative power for graphs. PLoS ONE 7:e31214
Dehmer M, Kraus V, Emmert-Streib F, Pickl S (2014) What is quantitative graph theory? CRC Press, Boca Raton, pp 1–33
Dorogovtsev SN, Mendes JFF (2003) Evolution of networks from biological networks to the internet and WWW. Oxford University Press, Oxford
Douramanis M (2014) Risk assessment for cyber threats to networked critical infrastructure. Master’s thesis, Universiteit Leiden, Universität der Bundeswehr München
Emmert-Streib F, Dehmer M (eds) (2010a) Analysis of microarray data: a network-based approach. Wiley VCH Publishing, Weinheim
Emmert-Streib F, Dehmer M (2010b) Identifying critical financial networks of the DJIA: towards a network based index. Complexity 16(1):24–33
Emmert-Streib F, Dehmer M (2010c) Influence of the time scale on the construction of financial networks. PLoS ONE 5(9):e12884
Emmert-Streib F, Dehmer M (2011) Networks for systems biology: conceptual connection of data and function. IET Syst Biol 5:185–207
Epstein J (2008) Generative social science studies in agent-based computational modelling. Princeton University Press, Princeton
Erdös P, Rényi P (1960) On the evolution of random graphs. Magyar Tud Akad Mat Kutató Int Közl 5:17–61
Federal Office for Civil Protection (2014) Integrated risk management. Bern, Switzerland
German Alliance for Cybersecurity (2014). https://www.allianz-fuer-cybersicherheit.de
Goldstone JA, Bates RH, Epstein DL, Gurr TR, Lustik MB, Marshall MG, Ulfelder J, Woodward M (2010) A global model for forecasting political instability. Am J Political Sci 54(1):190–208
Habegger B (2010) Strategic foresight in public policy: reviewing the experiences of the UK, Singapore, and the Netherlands. Futures 42(1):49–58
Harary F (1969) Graph theory. Addison Wesley Publishing Company, Reading, MA
Hauschild D, Leopold A, Lohmann S, Masala C, Meyer-Nieberg S, Pickl S, Plenk S, Tepel T, Zsifkovits M (2014) Quantitative methods of future studies, final report. Universität der Bundeswehr München, Technical report
International Organization for Standardization (2009) ISO 31000:2009 risk management—guidelines for principles and implementation of risk management
Klipper S (2011) Information security risk management, Risikomanagement mit ISO/IEC 27001, 27005 und 31010. Springer, New York
Kosala R, Blockeel H (2000) Web mining research: a survey. SIGKDD Explor 2(1):1–15
Kushner D (2013) The real story of Stuxnet. IEEE Spectr 50(3):48–53
Leigh A (2003) Thinking ahead: Strategic foresight and government. Aust J Public Adm 62(2):3–10. doi:10.1111/1467-8497.00320
Li X, Gutman I (2006) Mathematical aspects of Randić-type molecular structure descriptors. University of Kragujevac and Faculty of Science Kragujevac, Mathematical Chemistry Monographs
Liljenstam M, Liu J, Nicol DM, Yuan Y, Yan G, Grier C (2006) Rinse: the real-time immersive network simulation environment for network security exercises (extended version). Simulation 82(1):43–59. doi:10.1177/0037549706065544
Lovász L, Pelikán J (1973) On the eigenvalues of trees. Period Math Hung 3(1–2):175–182
Lund MS, Solhaug B, Stølen K (2011) Model-driven risk analysis: the CORAS approach. Springer, Berlin
Macal CM, North MJ (2010) Tutorial on agent-based modelling and simulation. J Simul 4(3):151–162
Maier R (2004) Knowledge management systems. Information and communication technologies for knowledge management. Springer, Berlin
Maier R (2007) Knowledge management systems—information and communication technologies for knowledge management. Springer, Berlin
Masala C, Pickl S (2013) Foresight analysis: quantitative methoden der Zukunftsanalyse. In: Wehrwissenschaftliche Forschung—Jahresbericht 2013, Bundesministerium der Verteidigung, pp 58–59
Masala C, Pickl S, Klüfers P, Leopold A, Lohmann S, Tsetsos K, Tepel T (2014) Future methods catalogue. Universität der Bundeswehr München, Technical report
Miles I, Saritas O (2012) The depth of the horizon: searching, scanning and widening horizons. Foresight 14(6):530–545. doi:10.1108/14636681211284953
Minoli D (1975) Combinatorial graph complexity. Atti Accad Naz Lincei, VIII Ser, Rend, Cl Sci Fis Mat Nat 59:651–661
Mowshowitz A, Dehmer M (2012) Entropy and the complexity of graphs revisited. Entropy 14(3):559–570
National Institute of Standards and Technology (2011) Managing information security risk: organization, mission, and information system view. http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908030. Accessed 13 Nov 2014
National Research Council (2010) Letter report for the committee on deterring cyberattacks: informing strategies and developing options for U.S. policy. Technical report, National Research Council
Newman MEJ (2003) The structure and function of complex networks. SIAM Rev 45:167–256
Noel S, Jajodia S, Wang L, Singhal A (2010) Measuring security risk of networks using attack graphs. Int J Next-Gener Comput 1(1):135–147
NYS Office of Cyber Security (2012) Cybersecurity: risk management. http://www.dhses.ny.gov/ocs/local-government/documents/Risk-Management-Guide-2012.pdf. Accessed 10 Aug 2014
Palomino MA, Taylor T, Owen R (2012) Towards the development of an automated, web-based, horizon scanning system. In: Federated conference on computer science and information systems (FedCSIS), IEEE 2012, pp 1009–1016
Pickl S, Meyer-Nieberg S, Wellbrink J (2012) Reducing complexity with evolutionary data farming. SCS M&S Magazine, pp 47–53. ISBN 1-56555-374-8
Pinson S, Moraitis P (1997) An intelligent distributed system for strategic decision making. Group Decis Negot 6(1):77–108. doi:10.1023/A:1008640625674
Rademaker M (2009) National security strategy of the netherlands: an innovative approach. Inf Secur 23(1):51–61
Ralson P, Graham J, Hieb J (2007) Cyber security risk assessment for SCADA and DCS networks. ISA Trans 46:583–594
Roy Sarkar K (2010) Assessing insider threats to information security using technical, behavioural and organisational measures. Inform Secur Tech Rep 15(3):112–133
Schneeweiss CA (2003) Distributed decision making, 2nd edn. Springer, Berlin
Schöhnbohm A (2011) Deutschlands sicherheit: cybercrime und cyberwar. Monsenstein und Vannerdat
Schutte M, Dehmer M (2013) Large-scale analysis of structural branching measures. J Math Chem 52(3):805–819
Shakarian P, Shakarian J, Ruef A (2013) Introduction to cyber-warfare. A multidisciplinary approach. Syngress/Elsevier, Waltham
Singer P, Friedman J (2014) Cybersecurity and cyberwar. Oxford University Press, Oxford
Soanes C, Stevenson A (eds) (2009) Oxford dictionary of English. Oxford University Press, Oxford
Sobik F (1982) Graphmetriken und Klassifikation strukturierter Objekte. ZKI-Informationen, Akad Wiss DDR 2(82):63–122
Sokolova A, Makarova E (2013) Integrated framework for evaluation of national foresight studies. In: Meissner D, Gokhberg L, Sokolov A (eds) Science, technology and innovation policy for the future. Springer, Berlin, pp 11–30. doi:10.1007/978-3-642-31827-6_2
Stenberg M (2006) Managing the knowledge of the organization. In: Zielinski C, Duquenoy P, Kimppa K (eds) The Information Society: emerging landscapes. IFIP International Federation for Information Processing, vol 195. Springer, Boston, pp 223–242. doi:10.1007/0-387-31168-8_14
Stutzki J (2014) Multilingual trend detection in the web. In: Proceedings of the 4th student conference on operational research SCOR 2014, OASICS, vol 37, pp 16–24
The SANS institute (2014). http://www.sans.org/. Accessed 04 Oct 2014
Todeschini R, Consonni V, Mannhold R (2002) Handbook of molecular descriptors. Wiley-VCH, Weinheim
US Enterprise Information Security Office (2014). http://www.dhses.ny.gov/ocs/. Accessed 03 Oct 2014
Vester F (2000) Die Kunst vernetzt zu denken: Ideen und Werkzeuge für einen neuen Umgang mit Komplexität. DVA Stuttgart
Wong KY (2005) Critical success factors for implementing knowledge management in small and medium enterprises. Ind Manage Data Syst 105(3):261–279
Zelinka B (1975) On a certain distance between isomorphism classes of graphs. Časopis Pěst Mat 100:371–373
Zentis T, Czech A, Prefi T, Schmitt R (2011) Technisches Risikomanagement in produzierenden Unternehmen. Apprimus Verlag, Aachen
Zsifkovits M, Pickl S, Meyer-Nieberg S (2014) Operations research for risk management in strategic foresight. Planet@Risk (submitted)
Acknowledgments
The authors would like to thank Heinrich Buch and Dieter Budde for their invaluable discussions and insights. The support by the Planungsamt der Bundeswehr is gratefully acknowledged.
Cite this article
Dehmer, M., Meyer-Nieberg, S., Mihelcic, G. et al. Collaborative risk management for national security and strategic foresight. EURO J Decis Process 3, 305–337 (2015). https://doi.org/10.1007/s40070-015-0046-0