Modeling design patterns with description logics: a case study
CAiSE'11 Proceedings of the 23rd international conference on Advanced information systems engineering
A method for security governance, risk, and compliance (GRC): a goal-process approach
Foundations of security analysis and design VI
Privacy analysis using ontologies
Proceedings of the second ACM conference on Data and Application Security and Privacy
A collaborative user-centered approach to fine-tune geospatial database design
ER'12 Proceedings of the 2012 international conference on Advances in Conceptual Modeling
Risk analysis is traditionally considered a critical activity for the whole software system’s lifecycle. Risks are identified by considering technical aspects (e.g., failures of the system, unavailability of services, etc.) and handled by suitable countermeasures through a refined design. This, however, introduces the problem of reconsidering system requirements. In this paper, we propose a goal-oriented approach for analyzing risks during the requirements analysis phase. Risks are analyzed along with stakeholder interests, and then countermeasures are identified and introduced as part of the system’s requirements. This work extends the Tropos goal modeling formal framework, proposing new concepts, qualitative reasoning techniques, and methodological procedures. The approach is based on a conceptual framework composed of three main layers: assets, events, and treatments. We use a “loan origination process” case study to illustrate the proposal, and we present and discuss experimental results obtained from the case study.