Risk analysis of information systems by event process chains
暂无分享,去创建一个
Information and Communication Technology (ICT) has an important impact on critical infrastructure operation. However, the current use of risk analysis techniques has reached its limits when analysing these systems at least in practical terms. The application of extended event process chains (EPC) bypasses some of the difficulties, as they model business processes within an information system instead of much more complex hardware architectures and software interactions. The methodology described in this paper integrates ARIS (Architecture Integrated Information Systems) and FMEA (Failure Mode and Effects Analysis), i.e., a business modelling method based on EPCs and a risk assessment technique which are well established in their areas of application and branches of competence. A novel risk representation is discussed. The practicability of the methodology is demonstrated by a feasibility study.
[1] Ralf Günter Mock,et al. Risk Engineering: Bridging Risk Analysis with Stakeholders Values , 1999 .
[2] August-Wilhelm Scheer,et al. ARIS — Vom Geschäftsprozess zum Anwendungssystem , 1998 .
[3] Robin Moses,et al. Risk analysis and management , 1992 .
[4] Daguo Xiong. Natural Axiom System of Probability Theory , 2003 .
[5] August-Wilhelm Scheer,et al. ARIS — Modellierungsmethoden, Metamodelle, Anwendungen , 1998 .