Analyzing Risk-Countermeasure in Organizations: a Quantitative Approach

Risk is one of inherent problems in all software systems. It becomes more significant if the software system is operated in a critical system (e.g., air traffic control, nuclear plant). It is because in this domain the software system is expected to be always dependable all the time of its operation. The system is dependable when all its risks are suppressed until acceptable level. Therefore, in such setting analysts must carefully analyze the socio-technical system (i.e., organizationalsetting and software systems) and understand how uncertain events may affect the systems. By means of the Tropos Goal-Risk, we model the socio-technical system including its risks. Essentially, the framework consists of goal, event, and treatment modeling. The goal layer represents what the stakeholders’ interests are and how to achieve them. The event layer depicts how uncertain events occur and impact the goals of stakeholders. The treatment layer represents what the possible measures that are available to treat the events. By quantifying the evidence value of the model, analysts can reason about the level of risk and choose the most appropriate alternative to achieve the stakeholders’ interests and the necessary treatment that should be employed to mitigate the risks. We use a case study on Air Traffic Management to illustrate the proposal.