Systemic security risks in the telecommunications sector: An approach for security and integrity of networks and services
in the Proceedings of the 5th International Conference on Complexity, Future Information Systems and Risk, COMPLEXIS 2020, 8-9 May, ISBN: 978-989758427-5, p. 72-79, 2020
N. Mayer and J.-S. Sottet
A strong emphasis is placed today on the security of Information Systems (IS) and on the management of information security risks. This tendency can be seen in numerous emerging regulations imposing a risk-based approach for IS security on entire economic sectors. However, a major drawback of the methods currently used is that risks are assessed individually by each organization for its own activities, and that no link is established between the risk management results of interacting organizations. In this paper, we propose an approach to deal with systemic risks, i.e. risks propagated from one organization to another due to dependencies between them. This approach is an extension of an existing framework used since 2015 by a European national regulator in the telecommunications sector.