Investigating Information Security in Systems-of-Systems

Abstract

Context: Changes in society have made information systems more complex. This also happens to a category of systems defined as system-of-systems (SoS) and system-of-information systems (SoIS). Problem: Although SoS offers benefits to organizations, the difficulty of IT managers in dealing with information security in these systems can leave them vulnerable to threats and impacts caused by cyber-attacks. Solution: This study presents mechanisms and technologies that should be implemented to ensure that communication between systems is treated from the perspective of information security. IS theory: This research is based on the General Systems Theory that allows to understand SoS as a type of complex system. With the increase in tasks complexity, constituent systems collaborate and offer functionalities that could not be achieved by them in an isolated form. Method: A systematic mapping study (SMS) was carried out to identify how information security technologies are used in the context of SoS. Moreover, a survey research was conducted to analyze information security aspects in order to evaluate the results obtained in the SMS with respect to their applicability in industry. Summary of Results: 18 studies were reviewed in the SMS and 32 experts participated in the survey. Both studies show that stakeholders need to understand vulnerabilities, exposure, and the contribution technology makes to prevent cyberattacks and mitigate SoS risks. Contributions and Impact in the IS area: This work presents an overview of information security in SoS, highlighting related technologies so that stakeholders can reflect on cyber threats in decision-making processes in organizations, exploring the grand research challenge in IS “Smart Systems-of-Information Systems: Foundations and an Assessment Model for Research Development”.