Guest Editorial: “Complexity is the Worst Enemy of Security”: Studying Cybersecurity Through the Lens of Organizational Complexity
回顾了Schneier的复杂性原则,结合本期两篇论文探讨了组织复杂性与网络安全的关系,并指出信息系统领域研究这一主题的潜力与未来方向。
Writing about computer systems twenty-five years ago, Schneier wrote that “the worst enemy of security is complexity” (Schneier, 1999), because complex systems are both easier to attack and harder to secure than simpler ones. In this essay, we provide an overview of Schneier’s complexity principle and provide our observations of how two articles in this issue, Liang et al. (2025) and Tanriverdi et al. (2025), employed this principle in their research. We also offer our ideas for why complexity and cybersecurity are especially amenable for study in the field of information systems and where future research can go from here.