Security risk analysis of system changes exemplified within the oil and gas domain

ESE

DOI: 10.1007/s10009-014-0351-0

Cite this article as:
Refsdal, A., Solhaug, B. & Stølen, K. Int J Softw Tools Technol Transfer (2015) 17: 251. doi:10.1007/s10009-014-0351-0
  • 235 Downloads

Abstract

Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil and gas domain, introduction of technology that allows offshore installations to be operated from onshore means that fewer people are exposed to risk on the installation, but it also introduces new risks and vulnerabilities. We need suitable methods and techniques to understand how a change will affect the risk picture. This paper presents an approach that offers specialized support for analysis of risk with respect to change. The approach allows links between elements of the target of analyses and the related parts of the risk model to be explicitly captured, which facilitates tool support for identifying the parts of a risk model that need to be reconsidered when a change is made to the target. Moreover, the approach offers language constructs for capturing the risk picture before and after a change. The approach is demonstrated on a case concerning new software technology to support decision making on petroleum installations.

Keywords

Security Risk analysis Change Oil and gas 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Atle Refsdal
    • 1
  • Bjørnar Solhaug
    • 1
  • Ketil Stølen
    • 1
    • 2
  1. 1.SINTEF ICTOsloNorway
  2. 2.Department of InformaticsUniversity of OsloOsloNorway