There are numerous forecast models of software development costs, however, various problems become apparent in context to practical application. Standardized methods, such as COCOMO II have to be calibrated at an individual operational level on the basis of the underlying database. This paper presents a new activity based approach that is based on business specific cost data that can be easily ...

The importance of information as a resource and competitive factor in today’s society and economy is constantly rising. As a consequence, it becomes necessary for organizations to manage the risks that arise from poor information quality (IQ) in the same way other operational and strategic risks are managed. Information is, however, an unique and intangible resource that requires special method...

We discuss a simple model of disk backups and other maintenance processes that include change to computer data. We determine optimal strategies for scheduling such processes. A maximum entropy model of random change provides a simple and intuitive guide to the process of sector based disk change and leads to an easily computable optimum time for backup that is robust to changes in the model. We...

We are already into the fall season with winter rapidly approaching. As always, we have many changes to report at the Diagnostic Laboratory. We ended our 1998-1999 fiscal year with a 23 percent increase in accessions compared to the previous year. We are constantly working on improving our diagnostic testing ability, frequently by using molecular techniques. Some of these new advances are detai...

Operator error has been blamed for many accidents and incidents in safety-critical systems. It is important that humanmachine interface (HMI) designers are aware of the relationships between their design decisions, operator errors, and the hazards associated with a system. In this paper, we demonstrate how information from risk analysis can be combined with formal specification of the HMI, to s...

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in existing formalisms, such properties are considered independent. For example, investing more in ...

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techn...

The present paper should be seen as a basis for discussion of important aspects of risk analysis and assessment, as well as attempting to describe risk assessment in accordance with the present state of the art. Risk assessment is thus presented in an overview form from the viewpoint of being a means for decision-making and thus within the formal framework of decision theory. First the motivati...

Failures in critical infrastructures can cause major damage to society, and thus there is a need for a common approach to cross-sector risk analyses. This paper presents such an approach, which includes an extended preliminary hazard analysis and detailed risk analysis of electricity supply, carried out in a case study. The risk analysis approach constitutes an important basis for analyzing int...

1 Macrodiversity against Shadowing So far, the diversity techniques that are discussed are used to mitigate the eeects of small scale fading. These techniques are often called microscopic diversity. Similar diversity techniques exist in literature with the objective to combat shadow fading, which is known as macroscopic diversity. With macroscopic diversity, signals that are received from a mob...