Study On Information Security Project Stakeholder Management Based On System Dynamics

With the development of Information technology and globalization,Information systems have become the most important resources a enterprise may need to survival and development,its clear that the Hackers may also think they can get more information from the Internet.And its not the golden age that they hacker for interests,but hacker for money,so Information security has to be an important work for everyone.Since risk management is the key work of CISO's,but most of them said that they did the security compliance-checking every year,and the again off the skin,the same problem.Lots of researchers tried to answer the problem,but failed to touch the fundamental reason.The traditional risk management strategy often pay to much attention on technical details,but do not work on the management of people.These people whom we called project stakeholders is are social person,not just some one who live alone,so if we want to study on them,we should consider a dynamic system and mutual influence status:among the people,between the people and system,or even individual's decision in the past and the current state relationship.If we just do simply isolated analysis,we will not see the wood for the trees,risk control then will be a hard work.In this paper,we study on a longer period of time from the enterprise risk management,use the OODA cycle to define the dynamic association of risk management and the self feedback process.Using the method of system dynamics,and the whole organization can be regarded as a complete system,the mutual influence between the people and the system analysis of the relationship,including OODA different people do the risk control cycle,the behavior of behavior logic,and the differences between the main circulation and influence of each other,and through the software simulation method of the quantitative analysis,study on real stakeholder behavior and motivation.Only when knowing the Stakeholder's behavior and motivation,can we apply the effective intervention measures in place,and get the expected risk control effect,in this way we can solve the problem of thankless task.