Abstract
The combination of national and corporate focus on critical infrastructure protection, and increasing complexity of information systems underlying business processes, make resilience a high priority in information systems planning and management. No approach exists which provides a practicable basis for understanding the resilience (aka survivability) of complex information environments (IEs), sufficient to warrant confidence in their support for critical enterprise missions or adequate for understanding the resilience implications of proposed changes. My research objectives are ; to design a process for analysing IE resiliency in large enterprises able to take into account the complexity and volatility of their operations ; to establish a case for an emulative approach to simulating behaviour of a complex enterprise IE in a way which supports analysis of propagation to critical business processes of the effect of potentially disruptive events on the infrastructure ; to design a tool to explore the practicability of emulative approaches to modelling and analysing complex IE behaviour A major part of this research is development of a simulation (SEALS) of a complex distributed IE, able to emulate the running/failure of simple business processes. This development catalysed many of the research observations. Its evaluation suggests IE emulation is technically feasible but requires much more work to handle scalability and provide behavioural fidelity and, like all other approaches, cannot yet encompass the human behaviours to which resilience is most sensitive. Novel aspects of my approach include ; an IE resilience analysis process focused on real (vs normative) enterprise behaviour including complex infrastructures, volatile missions and disparate stakeholders ; use of emulation, as a surrogate of the real IE, on which resilience experiments can be conducted ; using a java based generic simulation engine to build the emulation.