Publication type: Conference paper
Type of review: Peer review (publication)
Title: Enhancement of IT risk assessments by UML
Authors: Mock, Ralf Günter; Truninger, Benjamin; Brunner, Patrick; Hruz, Tomas
Proceedings: Safety and reliability : methodology and applications
Pages: 1531
Pages to: 1537
Conference details: European Safety and Reliability Conference (ESREL 2014), Wroclaw, Poland, 14-18 September 2014
Issue Date: 2015
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-1-138-02681-0
Language: English
Subjects: IT security; Reliability; Unified Modeling Language; Risk assessment
Subject (DDC): 005: Computer programming, programs and data
Abstract: Unified Modeling Language diagrams (UML) are considered an underestimated knowledge source for risk assessment (RA) approaches. For this, a combination of Class and Sequence Diagrams is used to get relevant information for further risk analysis. In an IT enterprise, existing business process source code can be used to automatically generate a full process Class Diagram. The paper suggests a way to significantly reduce the size of the Class Diagram. To do this, the most relevant business case of the audited enterprise is selected and used to generate a Sequence Diagram. Tools simplify this approach. The resulting Sequence Diagram only consists of classes and operations relevant to the chosen business case. They can then be matched to the initial full system Class Diagram. Elements in the Class Diagram that do not have a match in the Sequence Diagram can be removed, resulting in a reduced Class Diagram. The reduced Class Diagram is the base for RA heuristics, e.g., many incoming associations of a class suggest that other classes often depend on this class. Therefore, a failure of this class points to an increased impact value.
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Appears in collections: Publikationen School of Engineering
