Modelling and Analysing Risk at Organizational Level

Modeling and analyzing risk is one of the most critical activities in system engineering, and approaches such as Fault Tree Analysis, Event Tree Analysis, and Failure Modes and Criticality Analysis have been proposed in the literature. All these approaches focus on the system-to-be without considering the impact of the associated risks on the organization where the system will operate. On the other hand, there is a growing tendency to consider software development as part of organizational development. In this paper, we propose a framework to model and reason about risk at the organizational level, that is, considering the system-to-be along with its organizational setting. The framework extends Tropos, a methodology that has proved effective in modeling the strategic interests of stakeholders at the organizational level. We introduce a number of different means that help the analyst identify and enumerate relevant treatments for risk mitigation. Finally, experimental results are presented and discussed.