printlogo
http://www.ethz.ch/
Herzlich Willkommen
  
Aktuell | Ueber uns | Personen
Kontakt | Übersicht | Hilfe
Forschung | Lehre | Dokumente
Partner | Intranet
print
  
ETH Zürich - MAVT - IET - LSA - Lehre - Semester-, Masterarbeiten, Dissertationen - Bisherige Arbeiten - Archiv für SA, DA, PhD.... - SA von T. Beltrame, 2004 
Lehre
Vorlesungen
Semester-, Masterarbeiten, Dissertationen
Aktuelle Arbeiten / Ongoing Work
Bisherige Arbeiten
Weiterbildung
Master Programme
Lehrmaterial

SA von T. Beltrame, 2004

Titel

Implementing the Concept of Vulnerability with AIDRAM

(SA: D-MAVT)

Betreuung

Dr. A. Gheorghe

Abgabe

Februar 2004

Abstract

Motivation

In the literature on risk assessment and management we find more and more a new concept called vulnerability. Until now it was used mainly as an idea very related to (if not quite the same) risk, but lately people start to distinguish between these two terminologies. For example the concept of vulnerability as a stand-alone property of the system under investigation, independent of risk, has been added to the Australian Emergency Risk Management Guidelines (AERMG) that have been worked out on the basis of the Australian Risk Management Standard (described in more detail in chapter 3).
The distinction between risk and vulnerability allows a more detailed analysis of the risk management problem: risk can be seen as an external threat to the system, meanwhile vulnerability is a property of the system itself, an internal force, namely the capability to defend itself.
Nowadays, there exist numerous software tools providing assistance with risk assessment. From generic approaches up to very industry-specific implementations, the market offers a solution to almost any problem (compare [6]). But these tools handle only risk assessment, providing a computer aided support for, it is true, three out of four steps of the AERMG that can be evaluated by computer at all, but neglecting the important task of establishing a vulnerability profile.


Goals

As a consequence thereof, this paper is to present a software tool (AIDRAM - AIDing Risk Assessment and Management) that provides a method to diagnose the current vulnerability of a system. The presentation is done in a manual-like style in order to have a first documentary for AIDRAM Tools.
With a sample application, it shall be demonstrated, where in existing risk managements standards such a tool can go into action, contributing to a more profound analysis of the problem.

Of course, this examination includes pointing out advantages and disadvantages of the vulnerability assessment tool of AIDRAM.

It is assumed that the reader already has some knowledge on risk analysis and risk management. The purpose of this paper is not to give an introduction to risk analysis itself (chapter two for example is supposed to be a repetition only) but rather to position AIDRAM-Tools within the concept of vulnerability coupled with the detailed instructions how to get from the pure model to representative numbers.


Structure

First of all, a short introduction part into the field of risk analysis will define some terms that are often used with different meanings and it presents a possible risk assessment process. This process is based on the Australian Risk Management Standard but includes already proposals for improvements that will be declared clearly, though, in order to be able to distinguish between the original Standard and its potential alterations.

AIDRAM contains several tools assisting within the topic of risk management. However, attention is turned to the one that approaches the idea of quantitative vulnerability assessment (QVA - Quantitative Vulnerability Assessment). This tool itself consists of three modules: The first dealing with stability related vulnerability, the second with risk management related vulnerability and the third with complexity induced vulnerability.


Thus, the next three chapters cover the functionality of each module, giving first a short overview of the mathematical principles behind the model, followed by a concrete introduction to the software itself.
This introduction also gives hints about what menus have to be chosen and what menu entries have to be clicked. Such information will be encoded as follows: [Files ; Open Indicator Set] describes the sequence of actions shown in the Figure. The first part of the parenthesis-tuple depicts the menu of the current window, the second part then is the menu entry.

Chapter six combines the results of chapter three, four and five, outlining an assessment's process for a concrete problem (setting up a shared service centre).

Chapter seven concludes all impressions and gives some suggestion for improvements on AIDRAM.

Last but not least, the appendix reports bugs and inconveniences that were found while testing and experimenting with AIDRAM.

 

Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne graphische Elemente dargestellt. Die Funktionalität der Website ist aber trotzdem gewährleistet. Wenn Sie diese Website regelmässig benutzen, empfehlen wir Ihnen, auf Ihrem Computer einen aktuellen Browser zu installieren. Weitere Informationen finden Sie auf
folgender Seite.

Important Note:
The content in this site is accessible to any browser or Internet device, however, some graphics will display correctly only in the newer versions of Netscape. To get the most out of our site we suggest you upgrade to a newer browser.
More information

© 2013 ETH Zürich | Impressum | Disclaimer | 5.9.2005
top