BUSINESS DRIVEN RISK ASSESSMENT - A Methodical Approach to Risk Assessment and Business Investment

David W. Enström, Siavosh Hossendoust

2008

Abstract

Dynamic business environments require concurrent, distributed, and flexible architectures that must provide an agreeable level of reliability and an acceptable level of trust. A three-level, non-disruptive, business-driven planning process has been formulated using a risk analysis model that gives a justifiable direction for implementing a low-risk solution and selecting appropriate products. The methodology includes identification of “Risk Priority” through assessment of risks for business effectiveness, logical IT solution architecture (PIM) aspects, and physical IT solution architecture (PSM) aspects. It also introduces a risk dependency analysis process as an aid to understanding the relationships between architectural layers. The proposed methodology aids in understanding and prioritizing risks within the context of the organization; it broadens the concept of a TRA (threat and risk assessment) into a risk-controlled solution architecture domain.



Paper Citation


in Harvard Style

Enström, D. W. and Hossendoust, S. (2008). BUSINESS DRIVEN RISK ASSESSMENT - A Methodical Approach to Risk Assessment and Business Investment. In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8111-38-8, pages 271-278. DOI: 10.5220/0001701602710278


in Bibtex Style

@conference{iceis08,
author={David W. Enström and Siavosh Hossendoust},
title={BUSINESS DRIVEN RISK ASSESSMENT - A Methodical Approach to Risk Assessment and Business Investment},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2008},
pages={271-278},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001701602710278},
isbn={978-989-8111-38-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - BUSINESS DRIVEN RISK ASSESSMENT - A Methodical Approach to Risk Assessment and Business Investment
SN - 978-989-8111-38-8
AU - Enström, D. W.
AU - Hossendoust, S.
PY - 2008
SP - 271
EP - 278
DO - 10.5220/0001701602710278