Kim Weyns, & Martin Höst. (2009). Dependability of IT systems in municipal emergency management. In S. J. J. Landgren (Ed.), ISCRAM 2009 – 6th International Conference on Information Systems for Crisis Response and Management: Boundary Spanning Initiatives and New Perspectives. Gothenburg: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: In recent years governmental actors have become more and more dependent on IT systems for their responsibilities in a crisis situation. To avoid unexpected problems with the dependability of IT systems in the aftermath of a crisis it is important that such risks are identified and that measures can be taken to reduce the dependence on systems that could be unreliable. This paper describes two case studies exploring how Swedish municipalities incorporate IT systems in their emergency planning. The study focuses especially on how different actors within a municipality cooperate to analyse the risks of depending on IT systems in critical situations. The study shows that today there is much room for improvement, especially in the communication between IT personnel and emergency managers. Finally, this paper describes the requirements for a process improvement framework that can assist governmental actors in analysing and improving their dependency on IT systems in emergency management.
|
Kim Weyns, & Martin Höst. (2012). Risk analysis for critical systems with reliability block diagrams. In Z.Franco J. R. L. Rothkrantz (Ed.), ISCRAM 2012 Conference Proceedings – 9th International Conference on Information Systems for Crisis Response and Management. Vancouver, BC: Simon Fraser University.
Abstract: Governmental organisations are becoming more critically dependant on IT systems such as communication systems or patient data systems, both for their everyday tasks and their role in crisis relief activities. Therefore it is important for the organisation to analyse the reliability of these systems as part of the organisation's risk and vulnerability analysis process. This paper presents a practical risk analysis method for critical, large-scale IT systems in an organisation. The method is based on reliability block diagram modelling and was adapted to fit the requirements of governmental organisations and to reduce the effort required to capture complex failure behaviour. The paper first explicitly lists the requirements that such a risk analysis method must fulfil, then presents the proposed risk analysis method and finally outlines the planned evaluation of this method. © 2012 ISCRAM.
|
Kim Weyns, & Martin Höst. (2013). Case study on risk analysis for critical systems with reliability block diagrams. In J. Geldermann and T. Müller S. Fortier F. F. T. Comes (Ed.), ISCRAM 2013 Conference Proceedings – 10th International Conference on Information Systems for Crisis Response and Management (pp. 693–702). KIT; Baden-Baden: Karlsruher Institut fur Technologie.
Abstract: This paper presents a practical risk analysis method for critical, large-scale IT systems in an organisation. The method is based on reliability block diagram modelling and was adapted to fit the requirements of governmental organisations and to reduce the effort required to capture complex failure behaviour. Through the use of different failure categories the risk analysis can be simplified, the input data becomes easier to estimate and the results are easier to use in an organisational risk and vulnerability analysis. The paper first explicitly describes the different steps of the method and then presents a case study in which the method was applied and evaluated in a real-life setting. The method is meant to help an organisation to communicate internally about the reliability of their critical IT systems and to prioritise proposed improvements to this reliability.
|
Sardar Muhammad Sulaman, Taimor Abbas, Krzysztof Wnuk, & Martin Höst. (2014). Hazard analysis of collision avoidance system using STPA. In and P.C. Shih. L. Plotnick M. S. P. S.R. Hiltz (Ed.), ISCRAM 2014 Conference Proceedings – 11th International Conference on Information Systems for Crisis Response and Management (pp. 424–428). University Park, PA: The Pennsylvania State University.
Abstract: As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations both public and private. Diligently performing risk and hazard analysis helps to minimize the societal harms of IT system failures. In this paper we present experiences gained by applying the System Theoretic Process Analysis (STPA) method for hazard analysis on a forward collision avoidance system. Our main objectives are to investigate effectiveness in terms of the number and quality of identified hazards, and time efficiency in terms of required efforts of the studied method. Based on the findings of this study STPA has proved to be an effective and efficient hazard analysis method for assessing the safety of a safety-critical system and it requires a moderate level of effort.
|
Sardar Sulaman, & Martin Höst. (2018). Risk Analysis and Management of IT Systems: Practice and Challenges. In Kees Boersma, & Brian Tomaszeski (Eds.), ISCRAM 2018 Conference Proceedings – 15th International Conference on Information Systems for Crisis Response and Management (pp. 831–840). Rochester, NY (USA): Rochester Institute of Technology.
Abstract: Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system, which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.
|