Towards an Ontology-Driven Approach for Process-Aware Risk Propagation
The rapid development of cyber-physical systems creates an increasing demand for a general approach to risk, especially considering how physical and digital components affect the processes of the system itself. In risk analytics and management, risk propagation is a central technique, which allows the calculation of the cascading effect of risk within a system and supports risk mitigation activities. However, one open challenge is to devise a process-aware risk propagation solution that can be used to assess the impact of risk at different levels of abstraction, accounting for actors, processes, physical-digital objects, and their interrelations. To address this challenge, we propose a process-aware risk propagation approach that builds on two main components: (i) an ontology, which supports functionalities typical of Semantic Web technologies (SWT) and semantics-based intelligent systems and represents a system with processes and objects at different levels of abstraction, and (ii) a method to calculate the propagation of risk within the given system. We implemented our approach in a proof-of-concept tool, which was validated and demonstrated in the cybersecurity domain.