Title: Identifying and evaluating risks related to enterprise dependencies: a practical goal-driven risk analysis framework

Authors: Paolo Donzelli, Roberto Setola

Addresses: Department for Innovation and Technology, Office of the Prime Minister, Via Po 14, 00198 Rome, Italy. ' Complex System & Security Lab., Universita CAMPUS Biomedico di Roma, Via E. Longoni, 86 00155 Rome, Italy

Abstract: This paper suggests a framework for identifying the extent to which an organisation depends on services and resources provided by either external or internal technological infrastructures and for evaluating the corresponding business risks. By combining the advantages provided by a goal-driven organisation modelling technique with the analysis capabilities of an infrastructures simulator, the proposed framework provides a valuable managerial support for identifying, analysing, and eventually mitigating risks associated with enterprise dependencies. Its practical application is illustrated in a simplified context using e-government project data.

Keywords: critical infrastructures; goal-based risk analysis; qualitative risk assessment; quantitative risk assessment; risk identification; risk mitigation; business risks; risk management; e-government; electronic government; enterprise dependencies.

DOI: 10.1504/IJRAM.2007.015297

International Journal of Risk Assessment and Management, 2007 Vol.7 No.8, pp.1120 - 1137

Published online: 02 Oct 2007 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article