Quantitative Assessment for Organisational Security & Dependability

Yudistira Asnar, Massimo Felici, Fabio Massacci, Alessandra Tedeschi, Artsiom Yautsiukhin
2009 2009 Second International Conference on Dependability  
There are numerous metrics proposed to assess security and dependability of technical systems (e.g., number of defects per thousand lines of code). Unfortunately, most of these metrics are too low-level, and lack on capturing highlevel system abstractions required for organisation analysis. The analysis essentially enables the organisation to detect and eliminate possible threats by system re-organisations or re-configurations. In other words, it is necessary to assess security and
more » ... of organisational structures next to implementations and architectures of systems. This paper focuses on metrics suitable for assessing security and dependability aspects of a socio-technical system and supporting decision making in designing processes. We also highlight how these metrics can help in making the system more effective in providing security and dependability by applying socio-technical solutions (i.e., organisation design patterns). The ATM Case Study Air Traffic Management (ATM) system provides a set of ground-based services, such as giving air traffic instructions, air traffic planning and airspace management. These services
doi:10.1109/depend.2009.12 fatcat:l5gvsrybhvfzpgtbhiwnetqfgm