Skip to content

How to create a Risk Model

Jump to bottom
Lidia edited this page Apr 9, 2015 · 16 revisions

Risk models are represented using a formal modelling language (RiskML) that allows us to (i) represent risks, their causes and possible effects, (ii) link measures and indicators to risks likelihood, severity and exposure, and (iii) link risk events to business goals to evaluate their impact.

#RiskML Language

The RISCOSS risk modelling language contains the main concepts of Indicator, Situation, **Event ** and Goal. These concepts are characterised by properties, and are linked with each other through relationships. Risks, their assessment and mitigation possibilities, emerge from the interplay of concepts, relations and properties, and are the result of the different analysis types.

##RiskML Metamodel The RiskML meta-model defines the modelling primitives of risk and the interplay between risk, goals and the ecosystem. Situations and events are the core of the meta-model. The evidence to be in a certain situation can be quantified (especially in an OSS context) by means of indicators, which were empirically evaluated or approved by experts and base on measurements of available data. Situations represent the causes for risks to appear, while events represent the manifestation of a risk. Expose, increase, protect and reduce relations from situations (and events) to events quantify the likelihood for an event to occur and the significance of its consequences. Events impact the satisfaction of goals that actors desire to be achieved. This impact may be propagated to other goals, e.g. through i* contribution and decomposition relationships (see How to create a Goal Model).

##RiskML Primitives

Construct Definition
Indicator An indicator is representation of one (raw value) or more (composite value) measures of some entity
Situation A situation is a partial state-of-affairs where some facts are true, others false, and some neither true nor false
Event An event is the occurrence, at a given place and time, of a change in circumstances for the concept of risk event in requirements engineering).
Attribute Definition
Satisfaction A situation is satisfied if there is evidence that the state of affairs it describes holds
Likelihood An event is likely if it’s occurrence is possible
Significance An event is significant if its occurrence is perceived as negative with respect to some goals or assets
Exposure Probability and Criticality values are relevant to the extent that they tell us under- stand which events are potentially dangerous, that is, are risky. We call this Riskiness value
Satisfiability A goal is satisfiable if there is some evidence that it may be fulfilled in the future; if there is evidence that something may prevent the goal’s fulfilment, the goal is said to be threatened

#Risk Model persistency

RISCOSS Models

###Tutorials/Guides [How to contribute](How to contribute)
[How to create a Risk Model](How to create a Risk Model)
[How to create a Goal Model](How to create a Goal Model)
[How to set up the BN tool](How to set up the BN tool)

Models

[Goal Models](Goal Models)
[Risk Models](Risk Models)

###Others RISCOSS Corporate
RISCOSS GithubAnalizer
Risk Data Colletors

Clone this wiki locally