Abstract
As software-intensive systems become more and more complex, so does the assessment of the risks that these systems may have on people's businesses, privacy, livelihoods, and very lives. For very large long-lived industrial programmes, such as the Galileo programme of the European Space Agency (ESA), or the French Pentagon programme for the Ministry of Defence, traditional risk management approaches are now reaching their limit. This is true for tooling, but even more so for humans. This paper proposes novel techniques to deal with cognitive scalability issues in risk assessment studies, amongst which graphical extensions to traditional risk management approaches, such as chain diagrams, and the seamless integration of attack trees. Feedback and results were collected from security experts and other stakeholders, in a large industrial context (namely, the Galileo risk assessment programme) and through dedicated research and development demonstrations. The feedback and results show effective improvements with respect to standard practices, even though fine tuning is still needed to reach an adequate and financially acceptable equilibrium between: (i) dealing with a large number of small independent problems; and (ii) maintaining an overall understanding of the system’s risks and risks treatment.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
