Section S13 Media and Politics, Panel P022 Coverage of Conflict: Uprising and Security Issues in the Media.

Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition public economics, a model of stewardship which addresses directly the question of resilience.

The SecReq approach: From Security Requirements to Secure Design while Managing Software Evolution in "Software Engineering (SE 2014)". Lecture Notes in Informatics. 2014
http://www-secse.cs.tu-dortmund.de/secse/pages/people/juerjens/publicati...

Page xii of the Preface specifically mentions the SECONOMICS project.

For decades, game theory and other group decision-making paradigms have been considered of little use in practical risk management problems.

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.

We analyze the case of protecting an airport, in which there is concern with terrorist threats against the Air Trac Control (ATC) Tower. To deter terrorist actions, airport authorities rely on various protective measures. They have considerable costs, but by deploying them, airport authorities expect to minimize the risks of terrorist actions. We aim at giving advice to the airport authorities by devising a security resource allocation plan. We use the framework of adversarial risk analysis to deal with the problem.