@conference {18679, title = {Modeling the Symptomatic Fixes Archetype in Enterprise Computer Security}, volume = {1}, year = {2006}, month = {2006/09//}, pages = {178 - 188}, abstract = {To support decision-making for security-risk mitigation and the appropriate selection of security countermeasures, we propose a system dynamics model of the security aspects of an enterprise system. We developed such an executable model, incorporating the concept of archetypes. We present here one archetype for computer security, namely symptomatic fixes (or shifting the burden). Using simulation, we show one instance of how this archetype can be used for recognizing and diagnosing typical situations, as well as for fixing problems. The global effects of changes and behavioral trends are examined, and other instances of symptomatic fixes in security are described as well}, keywords = {business data processing, decision making, decision-making, enterprise computer security, human factors, security of data, security-risk mitigation, symptomatic fixes archetype modeling, system dynamics model, system modeling}, doi = {10.1109/COMPSAC.2006.62}, author = {Rosenfeld,S. N. and Rus,I. and Michel Cukier} }