Risk analysis of information systems by event process chains Online publication date: Sun, 06-Feb-2005
by Ralf Mock, Maurizio Corvo
International Journal of Critical Infrastructures (IJCIS), Vol. 1, No. 2/3, 2005
Abstract: Information and Communication Technology (ICT) has an important impact on critical infrastructure operation. However, the current use of risk analysis techniques has reached its limits when analysing these systems at least in practical terms. The application of extended event process chains (EPC) bypasses some of the difficulties, as they model business processes within an information system instead of much more complex hardware architectures and software interactions. The methodology described in this paper integrates ARIS (Architecture Integrated Information Systems) and FMEA (Failure Mode and Effects Analysis), i.e., a business modelling method based on EPCs and a risk assessment technique which are well established in their areas of application and branches of competence. A novel risk representation is discussed. The practicability of the methodology is demonstrated by a feasibility study.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Critical Infrastructures (IJCIS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook