Abstract
Complex IT Systems are often used in applications which can pose a risk to their owners or to the public. Many of these are subject to extensive risk assessment before they are deployed and operated yet, despite this, undesired events do arise, leading to financial loss or loss of life. This paper investigates the role of existing risk assessment methods and draws the conclusion that they do not effectively predict the causes of actual loss events. The paper then suggests an alternative approach, which has the potential to offer a unified approach to risk assessment across a number of domains, and across different system properties, e.g. safety and financial risk. It concludes with observations on similar methods and research results, especially from accident analysis, and makes suggestions for future research directions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Van der Ven, A.H.: Engaged Scholarship: A Guide for Organizational and Social Research. Oxford University Press (2007)
LSCITS research programme (last accessed February 3, 2012), http://lscits.cs.bris.ac.uk/research.html
Ladkin, P.B.: Why-Because Analysis (last accessed February 4, 2012), http://www.rvs.uni-bielefeld.de/research/WBA/
Clarke, S.J., Coombes, A., McDermid, J.A.: The Analysis of Safety Arguments in the Specification of a Motor Speed Control Loop, YCS 136, Department of Computer Science, University of York (1990)
Cliff, D.: Private Communication (January 2012)
The Economist (on-line edition), A Few Minutes of Mayhem (May 13, 2010)
Bundesstelle für Flugunfalluntersuchung (BFU: German Federal Bureau of Aircraft Accidents Investigation), Accident on 1 July 2002, Near Überlingen/Lake Constance, Germany Involving Boeing B757-200 and Tupolev TU154M, Investigation Report AX001-1-2/02 (May 2004)
Alexander, R., Hall-May, M.: Modelling and Analysis of System of Systems Accidents, DARP/TN/2003/19, University of York (February 2004)
Société Générale, General Inspection Department, Mission Green, Summary Report (May 20, 2008) (English version, translated from the French)
Health and Safety Executive, Safety Assessment Principles for Nuclear Facilities, Revision 1 (2006)
Reinhardt, D.W., McDermid, J.A.: Assuring against Systematic Faults using Architecture and Fault Tolerance in Aviation Systems. In: Proc. Improving Systems and Safety Engineering, Brisbane, Australia (August 2010)
The Basel Committee on Banking Supervision of the Bank for International Settlements (last accessed February 4, 2012), http://www.bis.org/bcbs/about.htm
US DoD, MilStd 882D Standard Practice for System Safety (2002)
Roberts, N.H., Vesely, W.E., Haasl, D.F., Goldberg, F.F.: Fault Tree Handbook, Systems and Reliability Research Office of U.S. Nuclear Regulatory Commission, Washington, DC, 20555 (1981)
Alexander, C.: Market Risk Analysis, vol. I-IV. Wiley, New York (2008)
Basel Committee on Banking Supervision, International Convergence of Capital Management and Capital Standards (Basel II), Bank for International Settlements (2004)
US General Accounting Office, Long-term Capital Management: Regulators Need to Focus Greater Attention on Systemic Risk, GAO/GDD-00-3 (October 1999)
Eurocontrol Safety Regulatory Requirement (ESARR) 4, Risk Assessment and Mitigation in ATM. Eurocontrol (2001)
de Fontnouvell, P., DeJesus-Reuff, V., Jordan, J., Rosengren, E.: Using Loss Data to Quantify Operational Risk. Federal Reserve Bank of Boston (April 2003)
Cowell, R.G., Verrall, R.J., Yoon, Y.K.: Modelling Operational Risk with Bayesian Networks. Journal of Risk and Insurance 74(4), 795–827 (2007)
McDermid, J.A.: Risk, Uncertainty and Software Safety. In: Proc 28th International System Safety Conference. International System Safety Society, Vancouver (2008)
Ge, X., Paige, R.F., McDermid, J.A.: Probabilistic Failure Propagation and Transformation Analysis. In: Buth, B., Rabe, G., Seyfarth, T. (eds.) SAFECOMP 2009. LNCS, vol. 5775, pp. 215–228. Springer, Heidelberg (2009)
Perks, M.: Private Communication (February 2012)
Leveson, N.G.: A New Accident Model for Engineering Safer Systems. Safety Science 42(4), 237–270 (2004)
Hollnagel, E., Woods, D.D., Leveson, N.G.: Resilience Engineering: Concepts and Precepts. Ashgate Publishing (2006)
Sommerville, I., Lock, R., Storer, T.: Responsibility Modeling for Risk Analysis. In: Proc. ESREL 2009, Prague (September 2009)
Hansson, S.O.: Seven Myths of Risk. Risk Management 7(2), 7–17 (2005)
Brooker, P.: Air Traffic Management Accident Risk, Part 2: Repairing the Deficiencies of ESARR 4. Cranfield Research report PB/5/05 (May 2005)
Sommerville, I., Cliff, D., Calinescu, R., Keen, J., Kelly, T.P., Kwiatkowska, M., McDermid, J.A., Paige, R.F.: Large-Scale Complex IT Systems. Communications of the ACM 55(7), 71–77 (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
McDermid, J.A. (2012). The Risks of LSCITS: The Odds Are Stacked against Us. In: Calinescu, R., Garlan, D. (eds) Large-Scale Complex IT Systems. Development, Operation and Management. Monterey Workshop 2012. Lecture Notes in Computer Science, vol 7539. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34059-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-34059-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34058-1
Online ISBN: 978-3-642-34059-8
eBook Packages: Computer ScienceComputer Science (R0)