Security and Resilience – Guidelines for complexity assessment process

According to ISO, “This document gives guidelines for the application of principles and a process for a complexity assessment of an organization’s systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity.”

ISO 22375 originates from UNI 11613, which was published in 2015 and promoted by Ontonix. Ontonix is the principal co-author of UNI 11613.

Complexity-induced risk is today the most insidious form of risk

“We are pleased to have contributed to the ISO 22375”, said Dr. J. Marczyk, the founder and President of Ontonix. “Complexity-induced risk is a new form of risk, introduced by Ontonix and the management of which Ontonix has pioneered since its founding in 2005. Complexity-induced risk is today the most insidious form of risk”, he added. “We do, however, have reservations as to ISO 22375.

“First of all, it provides a subjective assessment in that it is based on arbitrarily assigned weights. Second, the analysis procedure has a strong linear flavour and discounts the presence of critical complexity. This last fact indicates that the standard leans heavily towards a qualitative analysis, neglecting such fundamental principles of physics as the Second Law of Thermodynamics. Finally, the standard speaks of resilience but no measure of resilience is proposed or discussed”, he concluded.


Published by


Established in 2005 in the USA, Ontonix is headquartered in Como, Italy, and develops the world’s first system which allows one to measure and manage complexity - the main enemy of modern businesses. Our award-winning technology and exclusive services help our clients view strategy, business risk management and economic intelligence from a radically innovative perspective. In turbulent times conventional analytics and BI technology prove ineffective and it is necessary to turn to new methods. Our technology takes advantage of the recent developments in science and has been engineered to specifically treat turbulence and extreme events. We know how to identify the hidden sources of fragility in a business and how to make it more resilient. And how to prepare it for Black Swans. Based on the discovery that excessive complexity is the true source of exposure, we have devised a new theory of risk which is particularly suited for a turbulent global economy and which allows us to provide our clients with real-time early warnings of increased vulnerability and exposure. Our unusual software solutions, which integrate with ERP or Data Warehouse systems, deliver new and critical information on a business and its performance. Our intrinsic KPIs and business diagnosis tools provide management with strategic business and economic intelligence in a dynamic fashion. Ontonix offers a unique cloud-based business diagnosis and rating capability, which allows one to perform a real-time check of the complexity and resilience of a corporation. The on-line service generates intuitive Business Structure Maps which pinpoint the sources of criticality within a business. With the Internet as the backbone of this global service, our goal is to deliver objective ratings and complexity management to every corner of the economy, helping corporations cope better with our turbulent times.
