TY  - JOUR
PY  - 2005//
TI  - Risk analysis of information systems by event process chains
JO  - International journal of critical infrastructures
A1  - Mock, Ralf
A1  - Corvo, Maurizio
SP  - 247
EP  - 257
VL  - 1
IS  - 2/3
N2  - Information and Communication Technology (ICT) has an important impact on critical infrastructure operation. However, the current use of risk analysis techniques has reached its limits when analysing these systems at least in practical terms. The application of extended event process chains (EPC) bypasses some of the difficulties, as they model business processes within an information system instead of much more complex hardware architectures and software interactions. The methodology described in this paper integrates ARIS (Architecture Integrated Information Systems) and FMEA (Failure Mode and Effects Analysis), i.e., a business modelling method based on EPCs and a risk assessment technique which are well established in their areas of application and branches of competence. A novel risk representation is discussed. The practicability of the methodology is demonstrated by a feasibility study.<p /> 
LA  - 
SN  - 1475-3219
UR  - http://dx.doi.org/10.1504/IJCIS.2005.006121
ID  - ref1
ER  -