Modelling Risk and Identifying Countermeasure in Organizations

Modelling and analysing risk is one of the most critical activity in system engineering. However, in literature approaches like Fault Tree Analysis, Event Tree Analysis, Failure Modes and Criticality Analysis focus on the system-to-be without considering the impact of the associated risks to the organization where the system will operate. The Tropos framework has been proved effective in modelling strategic interests of the stakeholders at organizational level. In this paper, we introduce the extended Tropos goal model to analyse risk at organization level and we illustrate a number of different techniques to help the analyst in identifying and enumerating relevant countermeasures for risk mitigation.

[1]  Martin S. Feather,et al.  A quantitative risk model for early lifecycle decision making , 2002 .

[2]  John Mylopoulos,et al.  Formal Reasoning Techniques for Goal Models , 2003, J. Data Semant..

[3]  Glyn A. Holton Defining Risk , 2004 .

[4]  Axel van Lamsweerde,et al.  Handling Obstacles in Goal-Oriented Requirements Engineering , 2000, IEEE Trans. Software Eng..

[5]  John Mylopoulos,et al.  Goal-oriented requirements analysis and reasoning in the Tropos methodology , 2005, Eng. Appl. Artif. Intell..

[6]  Suresh L. Konda,et al.  Taxonomy-Based Risk Identification , 1993 .

[7]  Stephen Fickas,et al.  Goal-Directed Requirements Acquisition , 1993, Sci. Comput. Program..

[8]  John Mylopoulos,et al.  Risk Modelling and Reasoning in Goal Models , 2006 .

[9]  A. Finkelstein Report of the Inquiry into the London Ambulance Service , 1993 .

[10]  M. Pistore,et al.  Formal Tropos : language and semantics , 2003 .

[11]  Martin S. Feather Towards a unified approach to the representation of, and reasoning with, probabilistic risk information about software and its system interface , 2004, 15th International Symposium on Software Reliability Engineering.

[12]  John Mylopoulos,et al.  Simple and Minimum-Cost Satisfiability for Goal Models , 2004, CAiSE.

[13]  Makis Stamatelatos,et al.  Fault tree handbook with aerospace applications , 2002 .

[14]  A. Finkelstein,et al.  A comedy of errors: the London Ambulance Service case study , 1996, Proceedings of the 8th International Workshop on Software Specification and Design.

[15]  Annie I. Antón,et al.  Goal-based requirements analysis , 1996, Proceedings of the Second International Conference on Requirements Engineering.

[16]  Axel van Lamsweerde,et al.  Managing Conflicts in Goal-Driven Requirements Engineering , 1998, IEEE Trans. Software Eng..

[17]  Fausto Giunchiglia,et al.  Tropos: An Agent-Oriented Software Development Methodology , 2004, Autonomous Agents and Multi-Agent Systems.