Divide and Conquer – Towards a Notion of Risk Model Encapsulation

Abstract

The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more complex, heterogeneous, dynamic and interoperable, and many different stakeholders increasingly rely on their availability and protection. Managing risks in such a setting is extremely challenging, and existing methods and techniques are often inadequate. A main difficulty is that the overall risk picture becomes too complex to understand without methodic and systematic techniques for how to decompose a large scale risk analysis into smaller parts. In this chapter we introduce a notion of risk model encapsulation to address this challenge. Encapsulation facilitates compositional risk analysis by hiding internal details of a risk model. This is achieved by defining a risk model interface that contains all and only the information that is needed for composing the individual risk models to derive the overall risk picture. The interface takes into account possible dependencies between the risk models. We outline a method for compositional risk analysis, and demonstrate the approach by using an example on information security from the petroleum industry.

Category

Academic chapter/article/Conference paper

Client

  • EU / 256980
  • EU / 316853
  • Research Council of Norway (RCN) / 217213
  • EU / 333053
  • Research Council of Norway (RCN) / 232059

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation
  • Various Norwegian companies and organisations
  • University of Oslo

Year

2014

Publisher

Springer

Book

Engineering Secure Future Internet Services and Systems

Issue

8431

ISBN

978-3-319-07452-8

Page(s)

345 - 365