Model Driven Risk Analysis

The term “risk” is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis, using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against risk of investment loss, while defensive approaches are concerned with protecting assets that already exist. In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more explicitly on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. Their book serves as an introduction to risk analysis in general, including the central concepts and notions in risk analysis and their relations. The authors’ aim is to support risk analysts in conducting structured and stepwise risk analysis. To this end, the book is divided into three main parts. Part I of the book introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language. After having completed this part of the book, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment, but still are often encountered in real-life risk analysis and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support. The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction into the emerging field of risk analysis, supported by a sound methodology, and completed with numerous examples and detailed guidelines.

This book constitutes the thoroughly refereed conference proceedings of the First International Workshop on Risk Assessment and Risk-driven Testing, RISK 2013, held in conjunction with 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013, in Istanbul, Turkey, in November 2013. The revised full papers were carefully reviewed and selected from 13 submissions. The papers are organized in topical sections on risk analysis, risk modeling and risk-based testing.

An overview of the methods used for risk analysis in a variety of industrial sectors, with a particular focus on the consideration of human aspects, this book provides a definition of all the fundamental notions associated with risks and risk management, as well as clearly placing the discipline of risk analysis within the broader context of risk management processes. The author begins by presenting a certain number of basic concepts, followed by the general principle of risk analysis. He then moves on to examine the ISO31000 standard, which provides a specification for the implementation of a risk management approach. The ability to represent the information we use is crucial, so the representation of knowledge, covering both information concerning the risk occurrence mechanism and details of the system under scrutiny, is also considered. The different analysis methods are then presented, firstly for the identification of risks, then for their analysis in terms of cause and effect, and finally for the implementation of safety measures. Concrete examples are given throughout the book and the methodology and method can be applied to various fields (industry, health, organization, technical systems). Contents Part 1. General Concepts and Principles 1. Introduction. 2. Basic Notions. 3. Principles of Risk Analysis Methods. 4. The Risk Management Process (ISO31000). Part 2. Knowledge Representation 5. Modeling Risk. 6. Measuring the Importance of a Risk. 7. Modeling of Systems for Risk Analysis. Part 3. Risk Analysis Method 8. Preliminary Hazard Analysis. 9. Failure Mode and Effects Analysis. 10. Deviation Analysis Using the HAZOP Method. 11. The Systemic and Organized Risk Analysis Method. 12. Fault Tree Analysis. 13. Event Tree and Bow-Tie Diagram Analysis. 14. Human Reliability Analysis. 15. Barrier Analysis and Layer of Protection Analysis. Part 4. Appendices Appendix 1. Occupational Hazard Checklists. Appendix 2. Causal Tree Analysis. Appendix 3. A Few Reminders on the Theory of Probability. Appendix 4. Useful Notions in Reliability Theory. Appendix 5. Data Sources for Reliability. Appendix 6. A Few Approaches for System Modelling. Appendix 7. CaseStudy: Chemical Process. Appendix 8. XRisk Software. About the Authors Jean-Marie Flaus is Professor at Joseph Fourier University in Grenoble, France.

This book constitutes the thoroughly refereed conference proceedings of the Fourth International Workshop on Risk Assessment and Risk-Driven Quality Assurance, RISK 2016, held in conjunction with ICTSS 2016, in Graz, Austria, in October 2016. The revised 9 full papers were carefully reviewed and selected from 11 submissions. They focus on research studying, developing and evaluating innovative techniques, tools, languages and methods risk assessment and risk-driven quality engineering. The papers are organized topical sections: security risk management; security risk analysis; risk-based testing.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Over the years, both the summer school and the book series have represented a reference point for graduate students and young researchers from academia or industry, interested to approach the field, investigate open problems, and follow priority lines of research. This book presents thoroughly revised versions of nine tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2012 and 2013. The topics covered in this book include model-based security, automatic verification of secure applications, information flow analysis, cryptographic voting systems, encryption in the cloud, and privacy preservation.

For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.

Examines timely multidisciplinary applications, problems, and case histories in risk modeling, assessment, and management Risk Modeling, Assessment, and Management, Third Edition describes the state of the art of risk analysis, a rapidly growing field with important applications in engineering, science, manufacturing, business, homeland security, management, and public policy. Unlike any other text on the subject, this definitive work applies the art and science of risk analysis to current and emergent engineering and socioeconomic problems. It clearly demonstrates how to quantify risk and construct probabilities for real-world decision-making problems, including a host of institutional, organizational, and political issues. Avoiding higher mathematics whenever possible, this important new edition presents basic concepts as well as advanced material. It incorporates numerous examples and case studies to illustrate the analytical methods under discussion and features restructured and updated chapters, as well as: A new chapter applying systems-driven and risk-based analysis to a variety of Homeland Security issues An accompanying FTP site—developed with Professor Joost Santos—that offers 150 example problems with an Instructor's Solution Manual and case studies from a variety of journals Case studies on the 9/11 attack and Hurricane Katrina An adaptive multiplayer Hierarchical Holographic Modeling (HHM) game added to Chapter Three This is an indispensable resource for academic, industry, and government professionals in such diverse areas as homeland and cyber security, healthcare, the environment, physical infrastructure systems, engineering, business, and more. It is also a valuable textbook for both undergraduate and graduate students in systems engineering and systems management courses with a focus on our uncertain world.

This book constitutes the refereed proceedings of the 14th World Congress on Services, SERVICES 2018, held as part of the Services Conference Federation, SCF 2018, in Seattle, USA, in June 2018. The 10 full papers and 3 short papers presented were carefully reviewed and selected from 22 submissions. The papers cover topics in the field of software foundations and applications with a focus on novel approaches for engineering requirements, design and architectures, testing, maintenance and evolution, model-driven development, software processes, metrics, quality assurance and new software economics models, search-based software engineering, benefiting day-to-day services sectors and derived through experiences, with appreciation to scale, pragmatism, transparency, compliance and/or dependability.