To main content

Security risk analysis of system changes exemplified within the oil and gas domain

Abstract

Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows offshore installations to be operated from onshore means that fewer people are exposed to risk on the installation, but it also introduces new risks and vulnerabilities. We need suitable methods and techniques in order to understand how a change will affect the risk picture. This paper presents an approach that offers specialized support for analysis of risk with respect to change. The approach allows links between elements of the target of analyses and the related parts of the risk model to be explicitly captured, which facilitates tool support for identifying the parts of a risk model that need to be reconsidered when a change is made to the target. Moreover, the approach offers language constructs for capturing the risk picture before and after a change. The approach is demonstrated on a case concerning new software technology to support decision making on petroleum installations.

Category

Academic article

Client

  • EC/FP7 / 333053
  • Research Council of Norway (RCN) / 217213
  • EC/FP7 / 256980
  • Research Council of Norway (RCN) / 232059

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation
  • University of Oslo

Year

2015

Published in

International Journal on Software Tools for Technology Transfer (STTT)

ISSN

1433-2779

Volume

17

Issue

3

Page(s)

251 - 266

View this publication at Cristin