Security Evaluation of Information Systems with Systems Dynamics Approach (Study Case: Agriculture Bank)

Abstract :

The main goal of the current research is to identify and analyze the interactions between various factors affecting information security and risks in the information systems of the Agriculture Bank using the systems dynamics approach. The simulation results show that the scenarios of increasing the security budget and improving the awareness of employees will bring the greatest risk reduction in the 36-month time horizon for the bank's information system. In the time horizon of 3 years, the risk level of the bank's information system will reach below 0.01. While with the implementation of the security budget increase scenario, this amount will be less than 0.001. In the mentioned time horizon, by increasing the budget from 1000 units to 1500 units in the 10th month, the information security level of the Agriculture Bank will increase to about 95%. To achieve this goal, the optimal allocation of resources should include new technologies and continuous training of employees. Also, it is essential to develop and update security protocols and regularly assess the weaknesses of financial institutions. Finally, it is suggested to establish a continuous monitoring and evaluation system of the bank's information systems security and to use the advice of information security experts to optimize security strategies and approaches.

References:

14[ بجانی، صادق،1392، "ارتقای امنیت سرویس‌های وب مبتنی بر فنون تحمل پذیری نفوذ". فصلنامه پدافند الکترونیکی و سایبری، (1)1. 1392
]18[ جوکار, علی و پرتوی, محمدتقی." بررسی تأثیر فنآوری اطلاعات بر تصمیم گیری فرماندهان آجا". علوم و فنون نظامی، (21)8، 61-49. 1390.
]22[ اکبرنژاد، ابوالقاسم و چشک، کریم، "اولویت بندی مؤلفه‌های اثرگذار بر سیاست دفاعی- امنیتی جمهوری اسلامی ایران". 1399
]23[ جلالی، محمد و افشاری، مریم و مزینانیان، زینب،"تأثیر ابعاد زیست محیطی تغییرات اقلیمی بر امنیت ملی". 1399.
]24[ سوری، حمید. "رویکرد اپیدمیولوژی در پیشگیری از سوانح ترافیکی".. مجله دانش و تندرستی در علوم پایه پزشکی، 5، 1394.
]25[ خون جوش, ف.خ. و عاشوری, م. "بررسی تأثیر تنظیمات پارامترهای سخت‌افزاری بر انرژی مصرفی در الگوریتم ضرب برداری ماتریسهای تنک بر روی پردازنده های گرافیکی" فصلنامه فناوری اطلاعات و ارتباطات ایران، (9)31، 78-67. 1398.
]26[ بختیاری، ایرج. "تبیین نقش جنگ سایبری در جنگهای آینده". علوم و فنون نظامی، (28)10، 47-74. 1394.
]33[ عزیزی سرخانی, محمدجواد و کردلوئی, حمیدرضا. "بررسی ابزارهای امنیتی بانکداری الکترونیک در بخش بانکداری دولتی بانک های هند با مروری بر جهانی شدن". دانش سرمایه‌گذاری، (18) 5، 262-253، 1395.
]34[ فرزام نیا، نیما، عبدی, بهنام و رضائیان، علی. "ارائه الگوی حکمرانی خوب امنیت فضای سایبری در سازمان‌های دفاعی"، فصلنامه مدیریت نظامی، (77)20، 81-120. 1399.
]37[ شفیعی نیک آبادی، محسن، حکاکی، امیر و غلامشاهی، سارا. "مدلی پویا جهت ارزیابی امنیت سیستم‌های اطلاعاتی با استفاده از رویکرد پویایی‌شناسی سیستم‌ها" ، فصلنامه رشد فناوری، (16)64، 61-52. 1399.
]46[ همایون فر، مهدی، طلوعی اشلقی، عباس، فدایی اشکیکی، مهدی. "ارائه مدل سرمایه گذاری مناسب جهت تعامل صنعت و دانشگاه با رویکرد پویایی شناسی سیستم ها". فصلنامه دانش سرمایه گذاری، 8، 41-70، 1392.
[1] Moore, A., & Warkentin, M. “Cybersecurity: Principles and Practices”. Pearson.2019.
[2] Osmanbegović, E., Piric, N., & Suljic, M. “Information Security Controls As Determinant Of Continuity Of Information System Work”. Vol. XV, Issue 2, 35-42, 2017.
[3] Anderson, R., & Moore, T. The economics of information security. Science, 314(5799), 610-613. 2016.
[4] Bock, S. “Human Error and Cybersecurity in the Banking Sector”. Journal of Banking Technology, 15(2), 123-135.2021.
[5] Mortazavi-Alavi, Reza 2016. “A Risk-Driven Investment Model for Analysing Human Factors in Information Security”. PhD Thesis University of East London Architecture, Computing and Engineering, 2016.
[6] Lubua, E.W., Semlambo, A.A., & Mkude, C.G. “Factors Affecting the Security of Information Systems in Africa: A Literature Review”. University of Dar es Salaam Library Journal, 17(2), 94-114.2022.
[7] Alizadeh, A., Chehrehpak, M., Nasr, A.K., & Zamanifard, S. “An empirical study on effective factors on adoption of cloud computing in electronic banking: a case study of Iran banking sector”. Int. J. Bus. Inf. Syst., 33, 408-428.2020.
[8] Khan, H. U. , Malik, M. Z., Nazir, S. , and Khan,F., "Utilizing Bio Metric System for Enhancing Cyber Security in Banking Sector: A Systematic Analysis," in IEEE Access, vol. 11, pp. 80181-80198.2023.
[9] Rapina, R., Carolina, Y., Setiawan, S., Gania, A., Sandra, L.M., Darmasetiawan, J.B., & Fuentes, R.O. “Empirical Study on Banking in Indonesia: Factors Affecting Information Systems Quality”. Proceedings of the 2020 12th International Conference on Information Management and Engineering. 2020.
[10] Alsalamah, A. “Security Risk Management in Online System”. 5th Intl Conf on Applied Computing and Information Technology/4th Intl Conf on Computational Science/Intelligence and Applied Informatics/2nd Intl Conf on Big Data, Cloud Computing, Data Science (ACIT-CSII-BCD), 119-124.2017.
[11] Lestari, D., Tama, A., Karlina, S., Sultan, A., & Tarwoto, T. “Factors Affecting Security Information Systems: Information Security, Threats and Cyber Attack, Physical Security, and Information Technology”. International Journal of Informatics and Information Systems, 7(1), 16-21.2024.
[12] Noubissi, A.C., Iguchi-Cartigny, J., & Lanet, J. “Hot updates for Java based smart cards”. IEEE 27th International Conference on Data Engineering Workshops, 168-173.2011.
[13] Putra Utama, F., & Hilmi Nurhadi, R.M. “Uncovering the Risk of Academic Information System Vulnerability through PTES and OWASP Method”, COMMIT (Communication and Information Technology) Journal. 18(1), 39-51.2024.
[15] Rajendran, S. R., N. F., Dipu, Tarek, S., H. M., Kamali, Farahmandi F. and Tehranipoor, M., "Exploring the Abyss? Unveiling Systems-on-Chip Hardware Vulnerabilities Beneath Software," in IEEE Transactions on Information Forensics and Security, vol. 19, pp. 3914-3926, 2024,
[16] Alaidi, A. H. M. “Enhanced a TCP security protocol by using optional fields in TCP header”. Journal of Education College Wasit University, 1(24), 485-502.2016.
[17] Duddu, S., Rishita sai, A., Sowjanya, C.L., Rao, G.R., & Siddabattula, K. (2020). Secure Socket Layer Stripping Attack Using Address Resolution Protocol Spoofing. 2020 4th International Conference on Intelligent Computing and Control Systems (ICICCS), 973-978.
[19] Brown, L., & Green, T. (2022). The Impact of Data Types on Cyber Threats in Financial Institutions. International Journal of Cyber Studies, 9(2), 123-139.
[20] Li, Z., Xu, W., Shi, H., Zhang, Y., & Yan, Y. “Security and Privacy Risk Assessment of Energy Big Data in Cloud Environment”. Computational intelligence and neuroscience, 2398460. 2021. https://doi.org/10.1155/2021/2398460 (Retraction published Comput Intell Neurosci. 2023 Oct 18; 2023:9896475. doi: 10.1155/2023/9896475).
[21] Blesswin, J., Mary, S.J., Suryawanshi, S., Kshirsagar, V.G., Pabalkar, S.Y., Venkatesan, M., & Karunya, C.E. “Secure transmission of grayscale images with triggered error visual sharing”. Journal of Autonomous Intelligence. 2023.
[27] Hassan, R., Bandi, C., Tsai, M., Golchin, S., P D, S.M., Rafatirad, S., & Salehi, S. (2023). Automated Supervised Topic Modeling Framework for Hardware Weaknesses. 2023 24th International Symposium on Quality Electronic Design (ISQED), 1-8.
[28] Shehab, R., s.alismail, A., Amin Almaiah, D.M., Alkhdour, D.T., AlWadi, D.B., & Alrawad, D.M. “Assessment of Cybersecurity Risks and threats on Banking and Financial Services. Journal of Internet Services and Information Security” 14(3), 167-190.2024.
[29] White, R., & Black, S. “Historical Cyber Attacks and Their Future Implications for Banks. Cybersecurity Review”, 15(1), 88-102.2023.
[30] Tse, D.W., Tse, W.K., Ling, M.L., Lai, S.M., & Tevanotai, A. “Awareness in e-Banking Security and usage”, International Conference on Information Science, Electronics and Electrical Engineering, 2, 1176-1150. 2014.
[31] Lavanya, M., & Mangayarkarasi, D.S. “A Review on Detection of Cybersecurity Threats in Banking Sectors Using AI Based Risk Assessment”. Journal of Electrical Systems. Vol. 20 No. 6s, 1359-1365.2024.
[32] Dawodu, S.O., Omotosho, A., Akindote, O.J., Adegbite, A.O., & Ewuga, S.K. “CYBERSECURITY RISK ASSESSMENT IN BANKING: METHODOLOGIES AND BEST PRACTICES”. Computer Science & IT Research Journal, 4(3), 220-243. 2023.
[35] Dhanya, C., & Ramya, K. “Impact of System-Level Indicators of Chatbots on Perceived Usefulness and Intention to use for Banking Services”. The Review of Finance and Banking, 16(1), 43-55.2024.
[36] Fatoki, J.O. “The influence of cyber security on financial fraud in the Nigerian banking industry”. International Journal of Science and Research Archive, 9(02), 503–515.2023.