| dc.contributor.author | Rehak, Rainer | de |
| dc.date.accessioned | 2025-09-23T10:16:59Z | |
| dc.date.available | 2025-09-23T10:16:59Z | |
| dc.date.issued | 2025 | de |
| dc.identifier.isbn | 979-8-3315-2469-2 | de |
| dc.identifier.uri | https://www.ssoar.info/ssoar/handle/document/105004 | |
| dc.description.abstract | Digital systems are everywhere and we rely so much on those ubiquitous and interconnected systems that "the networked digital" could be called a hyper-infrastructure. But given the ongoing grave IT security incidents it still is a defective one. To approach this societal IT security problem I build on IT security theory and cyber security research to suggest a new paradigm called systemic IT security extending traditional individualistic understandings. Firstly, I map out the academic consensus on how the current state of IT security is not sufficient given the role IT plays in digitally networked societies. I then illustrate the societal consequences of IT insecurity using two major real-world incidents, the Mirai botnet and the WannaCry ransomware. Based on those characteristic examples, I flesh out how the current individualistic paradigm of IT security theory can not sufficiently grasp the increasingly interconnected nature of the issue. For furthering the fruitful academic discourse, I propose the holistic concept of systemic IT security. With it I define a criteria framework for extending current IT security approaches with the seven dimensions: problem scope, impact, timing, fairness, effective responsibility, resilience and complication. This framework can be used to extend IT security theory, assess concrete IT security measures in a structured manner, and even analyze policies regarding their contribution to systemic IT security. Flanking the framework I propose the new IT security protection goal of intention and expectation alignment and two new actor categories for threat modeling: systems manufacturers and service operators. Finally, the argument is summarized and the scientific merits of the new perspective are explicated: a more contextualized society-aware understanding of IT security. | de |
| dc.language | en | de |
| dc.subject.ddc | Soziologie, Anthropologie | de |
| dc.subject.ddc | Sociology & anthropology | en |
| dc.subject.other | information security; IT security; cyber security; society; politics of cyber security; resilience; ethics; interdependence; theory; threat modeling | de |
| dc.title | Towards Systemic IT Security: Introducing a Holistic Conceptual Framework for a Society-centered Perspective Connecting IT and Cyber Security | de |
| dc.title.alternative | Wege zu einer systemischen IT-Sicherheit: Einführung eines ganzheitlichen konzeptionellen Rahmens für eine gesellschaftsorientierte Perspektive, die IT- und Cybersicherheit miteinander verbindet | de |
| dc.description.review | begutachtet (peer reviewed) | de |
| dc.description.review | peer reviewed | en |
| dc.source.collection | 2025 IEEE 9th International Conference on Cryptography, Security and Privacy (CSP) | de |
| dc.publisher.country | JPN | de |
| dc.publisher.city | Okinawa | |
| dc.subject.classoz | Wissenschaftssoziologie, Wissenschaftsforschung, Technikforschung, Techniksoziologie | de |
| dc.subject.classoz | Sociology of Science, Sociology of Technology, Research on Science and Technology | en |
| dc.subject.thesoz | Informationstechnologie | de |
| dc.subject.thesoz | information technology | en |
| dc.subject.thesoz | Sicherheit | de |
| dc.subject.thesoz | security | en |
| dc.subject.thesoz | Bedrohung | de |
| dc.subject.thesoz | threat | en |
| dc.subject.thesoz | neue Technologie | de |
| dc.subject.thesoz | new technology | en |
| dc.subject.thesoz | Digitalisierung | de |
| dc.subject.thesoz | digitalization | en |
| dc.subject.thesoz | Vernetzung | de |
| dc.subject.thesoz | networking | en |
| dc.subject.thesoz | Technikfolgen | de |
| dc.subject.thesoz | effects of technology | en |
| dc.identifier.urn | urn:nbn:de:0168-ssoar-105004-3 | |
| dc.rights.licence | Deposit Licence - Keine Weiterverbreitung, keine Bearbeitung | de |
| dc.rights.licence | Deposit Licence - No Redistribution, No Modifications | en |
| ssoar.contributor.institution | Weizenbaum-Institut für die vernetzte Gesellschaft | de |
| internal.status | formal und inhaltlich fertig erschlossen | de |
| internal.identifier.thesoz | 10047425 | |
| internal.identifier.thesoz | 10036566 | |
| internal.identifier.thesoz | 10037879 | |
| internal.identifier.thesoz | 10053171 | |
| internal.identifier.thesoz | 10063943 | |
| internal.identifier.thesoz | 10053144 | |
| internal.identifier.thesoz | 10043853 | |
| dc.type.stock | incollection | de |
| dc.type.document | Konferenzbeitrag | de |
| dc.type.document | conference paper | en |
| dc.source.pageinfo | 144-155 | de |
| internal.identifier.classoz | 10220 | |
| internal.identifier.document | 16 | |
| dc.contributor.corporateeditor | IEEE Conference Publishing Services | |
| dc.source.conference | International Conference on Cryptography, Security and Privacy (CSP) | de |
| dc.event.city | Okinawa, Japan | de |
| internal.identifier.corporateeditor | 1502 | |
| internal.identifier.ddc | 301 | |
| dc.identifier.doi | https://doi.org/10.1109/CSP66295.2025.00032 | de |
| dc.date.conference | 2025 | de |
| dc.source.conferencenumber | 9 | de |
| dc.description.pubstatus | Postprint | de |
| dc.description.pubstatus | Postprint | en |
| internal.identifier.licence | 3 | |
| internal.identifier.pubstatus | 2 | |
| internal.identifier.review | 1 | |
| dc.subject.classhort | 50200 | de |
| internal.pdf.valid | true | |
| internal.pdf.wellformed | true | |
| internal.pdf.encrypted | false | |
