Security risk analysis of system changes exemplified within the oil and gas domain



Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil and gas domain, introduction of technology that allows offshore installations to be operated from onshore means that fewer people are exposed to risk on the installation, but it also introduces new risks and vulnerabilities. We need suitable methods and techniques to understand how a change will affect the risk picture. This paper presents an approach that offers specialized support for analysis of risk with respect to change. The approach allows links between elements of the target of analyses and the related parts of the risk model to be explicitly captured, which facilitates tool support for identifying the parts of a risk model that need to be reconsidered when a change is made to the target. Moreover, the approach offers language constructs for capturing the risk picture before and after a change. The approach is demonstrated on a case concerning new software technology to support decision making on petroleum installations.


Security Risk analysis Change Oil and gas 


  1. 1.
    Aven, T., Sklet, S., Vinnem, J.E.: Barrier and operational risk analysis of hydrocarbon releases (BORA-Release). Part I. Method description. J. Haz. Mater. A137, 681–691 (2006)CrossRefGoogle Scholar
  2. 2.
    Ben-Gal, I.: Bayesian networks. In: Ruggeri, F., Kenett, R.S., Faltin, F.W. (eds.) Encyclopedia of Statistics in Quality and Reliability. Wiley, Chichester (2007)Google Scholar
  3. 3.
    Bergomi, F., Paul, S., Solhaug, B., Vignon-Davillier, R.: Beyond traceability: Compared approaches to consistent security risk assessments. In: Proceedings of Eighth International Conference on Availability, Reliability and Security (ARES’13), pp. 814–820. IEEE Computer (2013)Google Scholar
  4. 4.
    Breu, M., Breu, R., Löw, S.: MoVEing forward: towards an architecture and processes for a Living Models infrastructure. Int. J. Adv. Life Sci. 3(1–2), 12–22 (2011)Google Scholar
  5. 5.
    EUROCONTROL. Methodology report for the 2005/2012 integrated risk picutre for Air Traffic Management in Europe. EEC Technical/Scientific Report No. 2006–041 (2006)Google Scholar
  6. 6.
    Gigerenzer, G.: Calculated Risks—How to Know When Numbers Deceive You. Simon & Schuster, New York (2002)Google Scholar
  7. 7.
    Hogganvik, I., Stølen, K.: Risk analysis terminology for IT-systems: does it match intuition? In: 4th International Symposium on Empirical Software Engineering (ISESE’05), pp. 13–23. IEEE Computer Society (2005)Google Scholar
  8. 8.
    Hogganvik, I., Stølen, K.: A graphical approach to risk identification, motivated by empirical investigations. In: 9th International Conference on Model Driven Engineering Languages and Systems (MoDELS’06), volume 4199 of LNCS, pp. 574–588. Springer (2006)Google Scholar
  9. 9.
    Howard, R.A.: Dynamic Probabilistic Systems, Volume I: Markov Models. Wiley, New York (1971)Google Scholar
  10. 10.
    Howard, R.A., Matheson, J.E.: Influence diagrams. Decis. Anal. 2(3), 127–143 (2005)CrossRefGoogle Scholar
  11. 11.
    Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for IT risk management. In: Information Security South Africa Conference (ISSA’06) (2006)Google Scholar
  12. 12.
    International Electrotechnical Commission. IEC 61025 fault tree analysis (FTA) (1990)Google Scholar
  13. 13.
    International Electrotechnical Commission. IEC 61165 application of Markov techniques (1995)Google Scholar
  14. 14.
    International Organization for Standardization. ISO 31000 risk management—principles and guidelines (2009)Google Scholar
  15. 15.
    Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis—The CORAS Approach. Springer, Berlin, Heidelberg (2011)Google Scholar
  16. 16.
    Lund, M.S., Solhaug, B., Stølen, K.: Risk analysis of changing and evolving systems using CORAS. In: Foundations of Security Analysis and Design VI (FOSAD VI), volume 6858 of LNCS, pp. 231–274. Springer (2011)Google Scholar
  17. 17.
    MoVE—Model Versioning and Evolution. Accessed 27 Aug 2014 (2014)
  18. 18.
    Object Management Group. OMG Unified Modeling Language (OMG UML), Superstructure. Version 2.2. OMG Document: formal/2009-02-02 (2009)Google Scholar
  19. 19.
    Seehusen, F., Solhaug, B.: Tool-supported risk modeling and analysis of evolving critical infrastructures. In: Multidisciplinary Research and Practice for Information Systems, volume 7465 of LNCS, pp. 562–577. Springer (2012)Google Scholar
  20. 20.
    Solhaug, B., Seehusen, F.: Model-driven risk analysis of evolving critical infrastructures. J. Ambient Intell. Hum. Comput. 5(2), 187–204 (2014)CrossRefGoogle Scholar
  21. 21.
    Solhaug, B., Stølen, K.: The CORAS language—Why it is designed the way it is. In: Safety, Reliability, Risk and Life-Cycle Performance of Structures and Infrastructures, Proceedings of 11th International Conference on Structural Safety and Reliability (ICOSSAR’13), pp. 3155–3162. CRC Press (2013)Google Scholar
  22. 22.
    Tran, L.M.S., Solhaug, B., Stølen, K.: An approach to select cost-effective risk countermeasures exemplified in coras. Technical report A24343, SINTEF ICT (2013)Google Scholar
  23. 23.
    Voirin, J.-L.: Method and tools for constrained system architecting. In: 18th Annual International Symposium of the International Council on Systems Engineering (INCOSE’08), pp. 775–789. Curran Associates, Inc. (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Atle Refsdal
    • 1
  • Bjørnar Solhaug
    • 1
  • Ketil Stølen
    • 1
    • 2
  1. 1.SINTEF ICTOsloNorway
  2. 2.Department of InformaticsUniversity of OsloOsloNorway

Personalised recommendations