Jose Julio Gonzalez

Verified

Jose verified their affiliation via an institutional email.

Learn more

Verified

Jose verified their affiliation via an institutional email.

Learn more

• PhD
• Professor at University of Agder

As global risks evolve, evaluating literature on crisis management and response becomes essential for addressing systemic risks in transboundary crisis scenarios. Reverse engineering (deconstructing and recreating existing research to assess and improve its findings) offers a valuable tool for generating new insights into published work on crisis m...

Systemic risk is ubiquitous in our increasingly globalised world owing to the interconnections within and across sectors. However, a review of National Risk Assessments performed in OECD member countries reveals that systemic risk is rarely mentioned, and it is never accounted for in those assessments. A powerful method accounts for systemic risk a...

Systemic risks are embedded in the complex networks of an increasingly interconnected world. Achieving the Sendai Framework for Disaster Risk Reduction, the Paris Agreement on Climate Change 2015 and the 2030 Agenda for Sustainable Development require that risk mitigation involves not only experts but ‘power-brokers’ – those with the power to act....

The COVID-19 pandemic has activated hundreds of interdependent long-lasting risks across all sectors of society. Zoonotic diseases are on the rise, fuelled by climatic change, by encroachment and destruction of habitats, and by unsustainable practices. Risk assessment and management must be greatly improved to prevent even worse consequences than C...

Maturity models enhance the performance of companies by prescribing a trajectory through stages of increasing capability. However, a recent review of maturity models concludes that current maturity models hardly meet the design principles required for prescriptive use. To address this deficiency, we conducted semistructured interviews and a Group M...

Critical Infrastructures (CIs) are resources that are essential for the performance of society, including its economy and its security. Large-scale disasters, whether natural or man-made, can have devastating primary (direct) effects on some CI and significant indirect effects (cascading effects) on other CIs, because CIs are interconnected and dep...

Owing to the complexity of Critical Infrastructures and the richness of issues to analyze, numerous approaches are used to model the behavior of CIs. Organizations having homeland security as mission often conduct desktop-based simulations using judgmental assessment of CI interdependencies and cascading failures. Expert estimates concern direct ef...

In rapid-onset disasters the time needed for evacuation is crucial. Aside from the behaviour of the population, the road network plays a fundamental role. It serves as a medium to reach a safe area. This study analyses the entire evacuation process, from decision-making up to the arrival at an evacuation zone by combining standardised questionnaire...

There is an extensive literature on modelling cascading effects in Critical Infrastructures (CIs). Concerning the cascading impacts of a cyber-attack upon other CIs, a detailed scenario analysis done by the Norwegian Directorate of Civil Protection concludes that a considerable impact could be achieved. However, the analysis admits that the probabi...

The capability to be resilient in the face of crises and disasters is a topic of highest political concern in Europe especially as far as critical infrastructures and urban environments are concerned. Critical infrastructures are systems or part of systems essential for the maintenance of vital societal functions, the disruption or destruction of w...

Disaster management and the health sector ought to be natural allies, but their different origins, culture, and priorities of the various agencies tasked with disaster response mean that communication and coordination between them is often lacking, leading to delayed, sub-standard, or inappropriate care for disaster victims. The potential of the ne...

This paper describes the origins and progress of an international project to advance disaster eHealth (DEH) – the application of eHealth technologies to enhance the delivery of healthcare in disasters. The study to date has focused on two major themes; the role of DEH in facilitating inter-agency communication in disaster situations, and the fundam...

Computer and information systems are now at the core of numerous critical infrastructures. However, their security management is by far not a trivial issue. Further, these systems, by their very nature, belong to the domain of complex systems, where system dynamics (SD) is an established method, which aims at modelling such systems, their analysis...

This paper presents the EU H2020 project Smart Mature Resilience, which takes advantage of the fact that many cities are committed to become increasingly resilient and have ongoing processes for urban resilience. Smart Mature Resilience develops resilience management guidelines based on a Resilience Maturity Model that engages a growing number of s...

Natural and man-made disasters are becoming more frequent – unfortunately in most cases inevitably. By applying certain set of policies and guidelines, a city could resist, absorb, adapt to and recover from acute shocks and chronic stresses to keep critical services functioning, i.e. be resilient. In 2016, the Smart Mature Resilience, a Horizon-202...

This volume constitutes the refereed post-conference proceedings of the First IFIP TC 5 DCDRR International Conference on Information Technology in Disaster Risk Reduction, ITDRR 2016, held in Sofia, Bulgaria, in November 2016. The 20 revised full papers presented were carefully reviewed and selected from 52 submissions. The papers focus on variou...

This article presents an interdisciplinary vision for large-scale integrated emergency management that has been inspired by the transition from platform centric to inte-grated operations in the oil and gas fields, which uses remote emergency control centres collaborating virtually with local responders. The article discusses some of the most salien...

Disaster management and disaster medicine are well-established disciplines for responding to disasters and providing care for individuals whose health and well- being has been affected. However, these disciplines have different origins, development, and priorities so that communication and coordination across them during disasters is often lacking,...

Managing the uncertainties that arise in disasters – such as a ship or building fire – can be extremely challenging. Previous work has typically focused either on modeling crowd behavior, hazard dynamics, or targeting fully known environments. However, when a disaster strikes, uncertainties about the nature, extent and further development of the ha...

In this paper, some new simulation results achieved from our proposed simulation model for analyzing congestions in ship evacuation are presented. To guarantee a safe evacuation, this model considers the most important real-life factors including, but not limited to, the passengers’ panic, the age and sex of the passengers, the structure of the shi...

The increasingly sophisticated sensors supported by modern smartphones open up novel research opportunities, such as mobile phone sensing. One of the most challenging of these research areas is context-aware and activity recognition. The SmartRescue project takes advantage of smartphone sensing, processing and communication capabilities to monitor...

The slides were intended for a presentation in the ISCRAM Conference in Penn State University, 21 May 2014.

The advanced sensors embedded in modern smartphones opens up for novel research opportunities, as for instance manifested in the field of mobile phone sensing. Most notable is perhaps research activities within human activity recognition and context-aware applications. Along a similar vein, the SmartRescue project targets monitoring of both hazard...

Failure of Critical Infrastructures (CIs) can have severe consequences for our societies. Therefore, CI resilience has attracted increasing attention in industries and policy-making. However, empirical studies on CI resilience are rare. In particular, research on the implementation of policies aiming at an improvement of CI resilience is lacking. U...

This HICSS-47 Minitrack Introduction introduces the four papers accepted by the ICT-enabled Crisis, Disaster & Catastrophe Management Minitrack within the HICSS E-Government Track.

Failure of Critical Infrastructures (CIs) are can have severe consequences for our societies. Therefore, CI resilience has attracted increasing attention in industries and policy-making. However, empirical studies on CI resilience are rare. In particular, research on the implementation of policies aiming at an improvement of CI resilience is lackin...

In this paper, we model passengers' panic during a ship fire by considering its most influential factors. The qualitative factors are quantified, allowing us to study passengers' panic in a probabilistic manner. Considering the time-varying nature of these factors, we update the state of the factors over time. We utilize a dynamic Bayesian network...

Managing the uncertainties that arise in disasters - such as a ship or building fire - can be extremely challenging. Previous work has typically focused either on modeling crowd behavior, hazard dynamics, or targeting fully known environments. However, when a disaster strikes, uncertainties about the nature, extent and further development of the ha...

We present an evacuation model for ships while a fire happens onboard. The model is designed by utilizing Bayesian networks (BN) and then simulated in GeNIe software. In our proposed model, the most important factors that have significant influence on a rescue process and evacuation time are identified and analyzed. By applying the probability dist...

Emergency evacuation of crowds is a fascinating phenomenon that has attracted researchers from various fields. Better understanding of this class of crowd behavior opens up for improving evacuation policies and smarter design of buildings, increasing safety. Recently, a new class of disruptive technology has appeared: Human-centered sensing which a...

In this paper, a new simulation model to analyze congestions in ship evacuation is introduced. To guarantee a safe evacuation, the model considers the most important real-life factors including, but not limited to, the passengers' panic, the age or sex of the passengers, the structure of the ship. The qualitative factors have been quantized in orde...

The world spends annually between 16 and 23 billion US dollars in disaster assistance. In 2010 an estimated 373 natural disasters occurred, causing 296, 800 victims and affecting more than 207 million people. By 2050 the number of people living in areas especially prone to natural disasters will probably double (from 680 to 1500 million). Communica...

While crises may appear to be event-driven, post-mortem accounts often identify factors that accumulate over time and increase the likelihood of failure. These factors are particularly difficult to anticipate when multiple organizations are involved in crisis preparation and event detection. Through the development of a systems-based model of crisi...

In the present study, we draw on previous system dynamics research on operational transition and change of vulnerability to investigate the role of incident response capability in controlling the severity of incidents during the adoption of new technology. Toward this end, we build a system dynamics model using the Norwegian Oil and Gas Industry as...

The growing reliance on technological infrastructures has made organizations increasingly vulnerable to threats from trusted employees, former employees, current or former contractors, and clients. Recent research indicates that successful defense from these threats depends on both technical and behavioral controls. In this paper, we report on our...

Track Planning and Foresight - Work in Progress (Short Paper) - ISBN: 978-0-86491-332-6

Group Model Building (GMB) often refers to collaborative system dynamics (SD) modeling. Despite its impressive success in various interdisciplinary domains, SD still struggles to be adopted as a mainstream method in the very areas where it has proven its worth. SD is hard to learn, and acquiring modeling skills can take long time. SD is mostly taug...

Introduction to Advances in Teaching and Learning Technologies Minitrack

Postings from social media can be very valuable in emergency management, both for providing actionable information that is up to date and very detailed in terms of the location of problems needing attention, and in disseminating news and instructions to the public. However, many organizations are reluctant to use these media, or even have regulatio...

Large crises management, affecting CIs needs multidisciplinary knowledge including technical, economical, social, political, legal and managerial knowledge. Being these crises international a huge variety of agents is involved in their response. This situation concludes in a set of stakeholders who only have fragmented knowledge. In the presence of...

There is little doubt that information systems security is a major concern for companies that are dependent on information technology. Among the risks to information system security, insider attacks seem to have the greatest potential for creating a significant system failure. Despite the likelihood of insider attacks and the potential magnitude of...

While awareness is acknowledged as a key factor in crisis management, much is vague as to the meaning of the awareness concept, its measurement, how awareness impacts the lifecycle of a crisis and how awareness can be promoted. This vagueness, we hypothesize, potentially reflects the immaturity of crisis management theory. This in turn obscures the...

In the last decade there has been a series of severe large scale power outages around the world. Deregulation and increasing interconnection among grids have left a complex topographical landscape of organizations and technology that spans traditional borders. Two examples are the 2003 outages in Italy and North America. Both these cases left more...

Vulnerability black markets (VBMs) are sites for trading malicious tools targeting software vulnerabilities, from known and patched ones. VBMs enable different actors to access malware and use them to attack vulnerable computers. This article discusses economic reasons that could cause continuity of VBMs. It is assumed that buyers and sellers’ deci...

Table-top and field simulation exercises are common tools for learning and practicing responses to unplanned IT security and critical infrastructure (CI) events. Preparing, executing and debriefing complex exercises are expensive and time consuming. Computer simulations can generate numerous potential scenarios and focus exercises on those that gen...

The Norwegian Oil and Gas Industry is adopting new information communication technology to connect its offshore platforms, onshore control centers and the suppliers. The management of the oil companies is generally aware of the increasing risks associated with the transition, but so far, investment in incident response (IR) capability has not been...

The protection of critical infrastructure requires an understanding of the effects of change on current and future safety and operations. Vulnerabilities may emerge during the rollout of updated techniques and integration of new technology with existing work practices. Managers need to understand how their decisions, often focused on economic prior...

Research into critical infrastructure (CI) interdependencies is still immature. Such interdependencies have important consequences for crisis management. Owing to the complexity of this problem, computer modelling and simulation is perhaps the most efficient research approach. We present five facts that should be taken into account when modelling t...

This paper discusses the manifest characteristics of online vulnerability black markets (VBM), insider actors, interactions and mechanisms, obtained from masked observation. Because VBM transactions are hidden from general view, we trace their precursors as secondary evidence of their development and activity. More general attributes of VBMs and th...

Since their inception Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, quality of service, and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-priority and high-priority incident response cause distinct problems....

Since their inception Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, quality of service, and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-priority and high-priority incident response cause distinct problems....

Since their inception Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, QoS and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-and high-priority incident response cause different problems. In companion papers we d...

The discovery and management of software vulnerabilities after a product is released to the public is an important element of improving software quality and stability. The discovery of vulnerabilities enables exploitation and stimulates the development of patches or other protections, which in turn may or may not be deployed by product users. Vario...

This paper examines the role of information security incident reporting systems in the wider context of an information security management system. This work is based on four group model building workshops with participants from mnemonic AS, a Norwegian Managed Security Services Provider. We found that incident reporting is a crucial component in cr...

This chapter discusses the possible growth of black markets (BMs) for software vulnerabilities and factors affecting their spread. It is difficult to collect statistics about BMs for vulnerabilities and their associated transactions, as they are hidden from general view. We conduct a disguised observation of online BM trading sites to identify caus...

A vast body of research shows that people by and large fail to understand and manage dynamic environments. Given the increasing complexity of our world, there is an urgent need to develop more effective ways to present dynamic problems. Many studies propose computer simulators as virtual learning environments to help people understand and manage co...

System dynamics (SD) models contain valuable insights on complex organizational issues that develop over time. However, for non-experts such models can be complex and difficult to understand. We propose Dynamic Stories, a methodology that uses storytelling, to rephrase expert terminology in simpler to understand action terms, thus overcoming knowle...

At the highest abstraction level, an attempt by a social engineer to exploit a victim organisation either attempts to achieve some specific target (denial of service, steal an asset, tap some particular information) or it wishes to maximise an outcome, such as to disable the organisation by a terrorist attack or establish a permanent parasitic rela...

Critical Infrastructure (CI) interdependencies have important consequences for crisis management, particularly when the crises are cross-border. However, research into CI interdependencies is still immature. The nature of large-scale, cross-border crises in these systems of systems is not easily understood. We have identified several aspects that n...

Purpose This research paper aims to examine how incident‐reporting systems function and particularly how the steady growth of high‐priority incidents and the semi‐exponential growth of low‐priority incidents affect reporting effectiveness. Social pressures that can affect low‐ and high‐priority incident‐reporting rates are also examined. Design/me...

The implementation of Integrated Operations (IO) for oil and gas recovery - a real-time linkage among platform-based facilities, on-shore control centers and suppliers - is anticipated to reduce operating costs by 30%, extend the lifetime of current production fields by five years or longer and maintain Norwegian Continental Shelf production for 50...

The complexity of modern networked systems has negative consequences in the form of intended and unintended security incidents. Information security is not the first field to grapple with such challenges. In safety, incident learning systems (ILS) have been used to control high risk environments. Many of these systems, such as NASA's Aviation Safet...

The transition to eOperations in the Norwegian oil and gas industry is expected to yield up to 30% reduction in costs and 10% increase in production. But new information security risks are introduced by substituting traditional offshore operations like drilling, production, delivery, etc, mostly locally operated at the offshore platforms with incre...

At the highest abstraction level, an attempt by a social engineer to exploit a victim organization either attempts to achieve some specific target (denial of service, steal an asset, tap some particular information) or it wishes to maximize an outcome, such as to disable the organization by a terrorist attack or establish a permanent parasitic rela...

Migrating to new modes of operation are perilous times for most organizations. For firms that routinely work in high-threat, high-reward situations, the risks of innovation are particularly challenging. This paper develops a systems-based approach to understanding these risks. We draw examples from one firm migrating to e-operations for offshore oi...

Many authors have suggested that Computer Security Incident Response Teams (CSIRTs) need to deliver more proactive services to stay effective, but there are hardly any studies investigating to what extent existing proactive services are indeed effective or how to make them more effective. We view the proactive services as cross-organisational learn...

Not Available

To reduce costs (by ca. 30%), increase production (by ca. 10%) and extend the life time (by ca. 5 years) of North Sea wells the Norwegian oil & gas industry is developing an infrastructure of "integrated operations" - i.e. eOpera- tions from control centers with reduced personnel on offshore platforms. New technology, new work processes and new kno...

IT-security lacks the equivalent of an Air Safety Reporting System. Yet, the current trend to outsource security processes might be the birth of a Cyber Security Reporting System – CSRS. A necessary condition for providers of security services to evolve toward a CSRS is successful quality management. The increasing demand for “fire-fighting” – deri...

CSIRTs are security incident handling organizations serving a parent organization or a "constituency" of independent organizations. CSIRTs struggle coping with the increasing number and sophistication of incidents; staff is overloaded with work; managers 'over-utilize' their teams. The CSIRT 'mismanagement' problem can be framed as a case of natura...

In a continuously changing environment, a Computer Security Incident Response Team (CSIRT) has to evolve to sustain or improve its effectiveness. The main task of a CSIRT is to mitigate the effects of computer security incidents. A frequently identified problem is that CSIRTs are over-worked, under-staffed and under-funded. We present a System Dyna...

The transition to Integrated Operations in the Norwegian oil and gas industry is expected to yield up to 30 % reduction in costs and a 10 % increase in production. The success of the transition hinges on mastering the information security problems introduced by the eOperation – the gradual substitution of traditional offshore operations – drilling,...

Many of the contributing factors to computer security problems are non-technical in nature – that is, they are dependent upon human and organizational actions and interactions in the political, social, legal, and economic realms. However, much of the research in computer security has had a predominantly technical focus. This paper represents a firs...

We argue that the discipline called 'organizational learning' has a potential to fertilize and catalyze instructional technology, and vice versa. We envision a bridge between 'organizational' learning theory and 'individual' learning theory in the interrelated features 'fragmentation and limitations of human knowledge', 'quality (or reliability) of...

Basically, instrumental conditioning is learning through consequences: Behavior that produces positive results (high "instrumental response") is reinforced, and that which produces negative effects (low "instrumental response") is weakened. Instrumental conditioning plays a major role in learning, but the content of such learning might be desired (...

How do people choose between action options in risky environments and why do they so often opt for not following prescribed security measures? In our research we focus on human factors in modern work environments that rely on information technology (IT). To effectively counteract noncompliance, a good understanding of its origins is indispensable....

We are conducting a study of SD group model building that is based on the following aspects: 1. The availability (in the near future) of object-oriented components in at least one System Dynamics modeling tool. A component is a model piece that can be used as a building block of another component (Myrtveit, 2000). 2. The integration of SD simulatio...

The experimental results for problem-solving behavior in complex, dynamic systems, though extremely rich and varied, give some clear indications as to how learning laboratories should be devised. However, the best learning laboratories tend to be very resourceful and costly. This paper describes an evolving approach for the design of effective lear...

The general purpose of the work reported here is to extend and validate system dynamics technologies for their use in managing the complexities and risks of large scale, courseware development projects. Courseware refers to a variety of computer-based instructional materials used for the purpose of creating effective learning environments. While th...

In June of 1994, the authors of this chapter met in Grimstad to develop a research agenda to apply system dynamics to instructional design. The purpose of the research and development project is to extend and validate system dynamics technologies for their use in managing the complexities and risks of large-scale, courseware design projects. Course...

This chapter presents the young discipline of systems thinking, that is, study of structure, behavior and management of complex systems. We approach systems thinking from two different, though supplementary angles: modeling and simulation (system dynamics), and cognitive psychology of decision making in complex systems. We argue that progress in ma...

The AIDS epidemic is one of the toughest challenges facing human society today. Due to the very long incubation period of AIDS with its 'hidden' epidemic, policy-makers tend to underestimate the serious-ness of the problem. One cannot expect a breakthrough in prevention of HIV-spread unless such hidden features are dealt with. The computer program...