System Dynamics in Risk Management: A Primer

Presented at BSidesLV 2023, Aug. 9, 2023, 3 p.m. (Unknown duration)

Systems thinking is a mental model from engineering disciplines. Its sub-discipline called system dynamics visualizes the world in terms of stocks, flows, and feedback loops. In system dynamics, systems represented as a set of stocks and flows are constrained through balancing feedback loops, or they can enter compounding spirals (virtual or vicious) through reinforcing feedback loops. The goal is to identify leverage points where a small change can cause big and beneficial changes throughout a system. This way of thinking, analysis, and problem-solving can be applied to almost any field, yet information security education programs typically don't cover systems thinking and system dynamics. This primer will introduce systems thinking and walk attendees through creating causal loop diagrams with stocks and flows for information security and risk management scenarios, identifying balancing and reinforcing feedback loops, and understanding how delays and oscillations can affect complex systems. Consultants as well as risk management and infosec practitioners who are internal to companies may benefit from this session, which introduces a different approach that can become part of their toolset.

Presenters:

• Stephanie Losi
  Stephanie is an independent technology risk consultant and writes the Risk Musings newsletter. She is a huge fan of system dynamics. Previously, she worked as a senior bank examiner, focusing on IT and operational risk assessments of large financial firms. Her interests include operational resilience, risk management of emerging technologies, high-speed trading risk, and cross-pollinating ideas across different fields. In her spare time, she writes songs and makes visual art (the slow way).

Links:

• https://www.bsideslv.org/talks#GFNVZK

Similar Presentations:

• BSides Austin 2018 / Enhancing SOC1 by using feedback loops