Modelling Risk and Identifying Countermeasure in Organizations

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2006)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 4347)

Abstract

Modelling and analysing risk is one of the most critical activities in system engineering. However, approaches in the literature such as Fault Tree Analysis, Event Tree Analysis, and Failure Modes and Criticality Analysis focus on the system-to-be without considering the impact of the associated risks on the organization where the system will operate. The Tropos framework has proved effective in modelling the strategic interests of stakeholders at the organizational level. In this paper, we introduce the extended Tropos goal model to analyse risk at the organizational level, and we illustrate a number of different techniques to help the analyst identify and enumerate relevant countermeasures for risk mitigation.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Asnar, Y., Giorgini, P. (2006). Modelling Risk and Identifying Countermeasure in Organizations. In: Lopez, J. (eds) Critical Information Infrastructures Security. CRITIS 2006. Lecture Notes in Computer Science, vol 4347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11962977_5


  • DOI: https://doi.org/10.1007/11962977_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69083-2

  • Online ISBN: 978-3-540-69084-9

  • eBook Packages: Computer Science, Computer Science (R0)
