A Platform for Risk Analysis of Security Critical Systems
|
|
- Iris Harper
- 6 years ago
- Views:
Transcription
1 of Security Critical Systems Model-based Risk Analysis Targeting Security Bjørn Axel Gran Institutt for energiteknikk / OECD Halden Reactor Project bjorn.axel.gran@hrp.no
2 Overview Introduction The CORAS framework Model-based risk assessment The CORAS risk management process The CORAS system documentation framework The CORAS platform for tool integration The CORAS integrated risk management and development process CORAS trials Conclusions 2
3 The CORAS Project A research and technological development project under the Information Society Technologies (IST) Programme Started up in January 2001 and runs until July commercial companies: Intracom (Greece), Solinet (Germany) and Telenor (Norway); 7 research institutes: CTI (Greece), FORTH (Greece); IFE (Norway), NCT (Norway), NR (Norway), RAL (UK) and Sintef (Norway); 1 university college: QMW (UK). Telenor administrative responsible Sintef scientific coordinator IFE responsible for the work package on Risk Analysis 3
4 What is CORAS? Aims at developing a practical framework for a precise, unambiguous, and efficient risk analysis of security critical systems. Exploits methods for risk analysis, semiformal description methods, and computerised tools The focus lies on the tight integration of viewpoint-oriented UML-like modelling in the risk management process. CORAS addresses security critical systems in general, but puts particular emphasis on IT security. Includes all aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability of IT systems. An IT system in the sense of CORAS is not just technology, but also the humans interacting with the technology and all relevant aspects of the surrounding organisation and society. 4
5 The CORAS approach: Model-based Risk Assessment Risk assessment Precise input at the right level of abstraction Graphical OO-modelling Graphical oo-models as media for communication Model-based risk assessment Documentation of analysis results and assumptions 5
6 Benefits of Model-based Risk Assessment Improved precision in the description of security relevant features improves quality of risk analysis results State-of-the-art graphical modeling furthers communication between stakeholders, thereby preventing misconceptions Increased possibilities for reuse reduces maintenance costs Interoperability between different methods improves effectiveness Rich set of tools increases productivity, efficiency as well as maintenance Tight integration of risk management in the system development process reduces development costs and ensures that the specified security level is achieved 6
7 AS/NZS 4360: Risk Management Process The CORAS framework System documentation framework RM-ODP: Reference Model for Open Distributed Processing Risk management process Model-based risk assessment Integrated development and risk management process XML: extensible Markup Language Platform for tool inclusion based on data integration RUP: Rational Unified Process 7
8 Monitor and review The CORAS risk management process Consequence Establish the context Identify Risk Analyse Risks Evaluate Risks Accept Risks Treat Risks Likelihood Estimate level of Risk Communicate and Consult The process is based on AS/NZS 4360: 1999 Risk Management ISO/IEC : 2000 Code of Practise for Information Security Management. Complemented by: ISO/IEC TR : 2001 Guidelines for the Management of IT Security IEC 61508: 2000 Functional Safety of Electrical/Electronic/ Programmable Safety Related Systems. 8
9 The CORAS system documentation framework based on the ISO/IEC series: 1995 Basic Reference Model for Open Distributed Processing (RM-ODP). RM-ODP divides the system documentation into five viewpoints. It also provides modelling, specification and structuring terminology, a conformance module addressing implementation and consistency requirements, as well as a distribution module defining transparencies and functions required to realise these transparencies. The CORAS system documentation framework extends RM-ODP with concepts and terminology for risk management and security; within each viewpoint carefully defined models targeting model-based risk management and assessment of security-critical systems; libraries of reusable model fragments targeting risk assessment; additional support for conformance checking; a risk management module. 9
10 The CORAS Integrated risk management and development process CORAS framework CORAS risk management process CORAS system developmentprocess CORAS methodology INSTANTIATION OF Identify context Inception Identify Assets iterate Choose a part Architect a part Analyse a part Compose in review risks and consult Identify risks enterprise viewpoint Identify Risks Inception Elaboration Analyse Risks Value Asset Communicate and Consult MANAGE RISK iterate Choose a part Architect a part Analyse a part Compose in review risks and consult information & computation viewpoint Elaboration Analyse risks Monitor and Review Construction DESIGN USING Analyse Evaluate iterate Choose a part Architect a part Analyse a part Compose in review risks and consult engineering & technology viewpoint Construction Evaluate risks Transition iterate Choose a part Architect a part Analyse a part Compose in review risks and consult system implementation Test Monitor Transition Treat risks INSTANTIATION OF The CORAS integrated risk management and development process is based on an integration of AS/NZS 4360 and an adaptation of the Unified Process to support RM-ODP inspired viewpoint oriented modelling. 10
11 The CORAS platform for tool integration based on data integration Commercial modelling tools XSL The CORAS platform XML tools providing basic functionality XML/XMI internal representation XSL Commercial vulnerability and treat management tools XSL Data integration implemented in terms of XML Commercial risk analysis tools Relevant aspects of the internal data representation may be mapped to the internal data representations (XML/XMI) of other tools. This allows the integration of sophisticated case-tools targeting system development as well as risk analysis tools and tools for vulnerability and treat management. 11
12 Identify Context A Platform for Risk (Prepare/Describe Analysis the TOE) the strategic contexts of Security Critical the organisational Systems contexts the risk management context develop criteria decide the structure Identify Risk What can happen? How can it happen? target Intranet The role of the CORAS 1..* Risk Remote network uses Management process assets 1 administrates 1..* Administrator Main network VPN technique * Database Gateway 1..* 1..* Remote network PC Main network PC 1 1 Remote network Main network Gateway Gateway Asset Analyse Risks People Information Hardware Software Determine likelihood Estimate level of risk Determine consequences Evaluate Risks compare against criteria, set risk priorities threat scenario Doctor Specialist read personal card includes Login includes Check Password Read Medical files prevents Unauthorised Login sign security statement prevents Disobbeying security rules Tap Communication Crook Accept Risks includes Write prevents Medical files includes Use VPN - Firewall/Encryption Treat Risks ADVICE (Requirements) identify treatment options evaluate treatment options select treatment options prepare treatment plans implement plans hazards Consequence Data loss * has Hazard Wet computer 12
13 Evaluated methods Sub processes supported by methods Hazard and operability study (HAZOP); Fault tree analysis (FTA); Failure Mode and Effect Criticality Analysis (FMECA); Markov analysis methods (Markov); Goals Means Task Analysis (GMTA); and CCTA Risk Analysis and Management methodology (CRAMM). Sub-process Context identification Identify Risks Analyse Risks Risk Evaluation Risk Treatment Recommended Method(s) CRAMM HAZOP, CRAMM FMECA, FTA, MARKOV CRAMM, FTA HAZOP Supporting Method(s) HAZOP FTA, FMECA, GMTA, HAZOP All methods FMECA 13
14 The CORAS trials In order to ensure the effectiveness and broad applicability of the framework, two architecturally diverse platforms one in the telemedicine and one in the e-commerce domain In these trials, in addition to the CORAS consortium, external medical doctors will also be involved in risk analysis tasks. The purpose of the trials is to experiment with all aspects of the framework during its development, provide feedback for improvements and offer an overall assessment. 3 sub-trials within Telemedicine and E-commerce 14
15 The CORAS trials The E-commerce platform is a typical Web-based application using Internet technology. Availability issues Criticality: Unavailability of a telemedicine platform may have severe consequences resulting in loss of life. Graceful degradation: The E-commerce platform is intended for several users, whereas the telemedicine serves a small number of users. Increase in the number of users may result in degradation of response time. Accountability issues: It is important for a telemedicine platform to be able to provide information regarding the access or modifications of data. A significant distinguishing factor is the nature of security risks: The E-commerce platform is open to Internet, attracting attackers that probe for weaknesses or opportunities for malicious exploitation, The telemedicine platform operates on a closed network with authorised users communicating using controlled computers. 15
16 Software/Hardware developed for the Crete Pilot of the ATTRACT project Spiro meter Breath Data Spirometer Cardiograph Cardiograph Module Manager TCP/IP Connection Module Manager Patient (remote health care centre) Video Conference Video Conference Doctor (hospital) Stethoscope Stethoscope Blood Pressure Blood Pressure Blood Pressure Data Figure 4: The follow-up scenario of asthmatic children in Crete 16
17 Consumers Suppliers A Platform for Risk Analysis Retailer Internal Legacy Systems Personilized Retail Store Visualizer Virtual Advertiser Advertising & Media Agency Virtual Shopping Operator Shopping Recommender Media Shopper On line Sales Negotiator Home Shopping Service Personilized Retail Store Visualizer Consumer Behaqvior framework Observer Wizard Help Desk Operator Virtual Catalogue Scheme Supplier Electronic Catalogues Consumer & Product Information Database Electronic Commerce Platform Provision of basic Electronic Retailing Services Interconnectivity Interdependance Integration Information flow Relativity 17
18 The authentication mechanism [Valid Account] Main /create(sn) login(sn,un,pw) [Invalid Account] home(sn) Home Login visitor(sn) invalid-request restart/create(sn) Logout logout(sn)/remove(sn) profile(sn) Profile State Machine 18
19 Combining RA methods and UML models Visitor: Internet: E-commercePlatform: register form request transfer request HAZOP Attributes: send register form transfer register form send completed form Confidentiality Disclosure transfer completed form Integrity Manipulation send username / password Availability Accountability Denial, delayed Untracability UML Sequence diagram 19
20 Plan First Trial The CORAS trials E-commerce D nd D rd First e-commerce trial Involvement Feedback Assessment Education Analysis results Planning input Basis for further reports D We are here! D
21 Conclusion The CORAS framework for model-based risk assessment. The CORAS risk assessment methodology integrates aspects of HazOp, FTA, FMECA, Markov Analysis as well as CRAMM. It is model-based in the sense that it gives detailed recommendations for the use of UML-oriented modelling in conjunction with assessment. 1. To describe the target of assessment at the right level of abstraction. 2. As a medium for communication and interaction between different groups of stakeholders involved in risk assessment. 3. To document risk assessment results and the assumptions on which these results depend. 21
22 Want to know more? Publications and Public Reports will be updated within short time Contact Points CORAS Public Workshop Plan: CORAS workshop at the International Conference on Telemedicine 2002 (ICT2002) September in Regenburg, Germany. 22
Model-based risk assessment the CORAS approach
Model-based risk assessment the CORAS approach Ketil Stølen 1, Folker den Braber 1, Theo Dimitrakos 2, Rune Fredriksen 3, Bjørn Axel Gran 3, Siv-Hilde Houmb 4, Mass Soldal Lund 1, Yannis C. Stamatiou 5
More informationTABLES OF CONTENTS CHAPTER TITLE PAGE
vii TABLES OF CONTENTS CHAPTER TITLE PAGE DECLARATION DEDICATION ACKNOWLEDGEMENT ABSTRACT ABSTRAK TABLE OF CONTENTS LIST OF TABLES LIST OF FIGURES LIST OF ABBREVIATIONS LIST OF APPENDICES ii iii iv v vi
More informationVIEWPOINTS ON INSPIRE ARCHITECTURE
VIEWPOINTS ON INSPIRE ARCHITECTURE Jerzy Gazdzicki INSPIRE 2010 KRAKÓW 1. INTRODUCTION CONTENTS 2. ARCHITECTURE MODELING BASED ON ISO/IEC 42010:2007 3. ARCHITECTURE FRAMEWORKS 4. TIERS OF INSPIRE ARCHITECTURE
More informationPassit4Sure.OG Questions. TOGAF 9 Combined Part 1 and Part 2
Passit4Sure.OG0-093.221Questions Number: OG0-093 Passing Score: 800 Time Limit: 120 min File Version: 7.1 TOGAF 9 Combined Part 1 and Part 2 One of the great thing about pass4sure is that is saves our
More informationLecture 1. In practice, most large systems are developed using a. A software process model is an abstract representation
Chapter 2 Software Processes Lecture 1 Software process descriptions When we describe and discuss processes, we usually talk about the activities in these processes such as specifying a data model, designing
More informatione-ordering User guide for Suppliers Version /11/2013
e-ordering e-prior Supplier Portal User guide for Suppliers Version 1.0 12/11/2013 1 2 Table of contents Introduction e-procurement overview e-ordering: objectives and architecture e-ordering: actors &
More informationFrom the Decision Support on the Ground to the Decision Support in the Cloud
From the Decision Support on the Ground to the Decision Support in the Cloud Aida Omerovic, SINTEF ICT Valencia, Spain May 29 th 2013 1 Outline Why decision support What we have on the ground What we need
More informationModel-based security analysis in seven steps a guided tour to the CORAS method
Model-based security analysis in seven steps a guided tour to the CORAS method F den Braber, I Hogganvik, M S Lund, K Stølen and F Vraalsen This paper presents the CORAS method for model-based security
More informationArcade Game Maker Product Line - Concep of Operations
Arcade Game Maker Product Line - Concep of Operations ArcadeGame Team July 2003 Table of Contents 1 Overview 1 1.1 Identification 1 1.2 Document Map 1 1.3 Concepts 2 1.4 Readership 2 2 Approach 3 3 Background
More informationCHAPTER 2 LITERATURE SURVEY
10 CHAPTER 2 LITERATURE SURVEY This chapter provides the related work that has been done about the software performance requirements which includes the sub sections like requirements engineering, functional
More informationUse cases. Paul Jackson. School of Informatics University of Edinburgh
Use cases Paul Jackson School of Informatics University of Edinburgh Use cases An important part of any requirements document for a system is a description of the system s behaviour from the viewpoint
More informationArcade Game Maker Product Line Concept of Operations
Arcade Game Maker Product Line Concept of Operations ArcadeGame Team July 2003 Table of Contents 1 Overview 1 1.1 Identification 2 1.2 Document Map 2 1.3 Concepts 3 1.4 Readership 3 2 Approach 4 3 Background
More informationService Oriented Architecture
Service Oriented Architecture Part I INTRODUCING SOA Service Oriented Architecture- Presented by Hassan.Tanabi@Gmail.com 2 Fundamental SOA 1. The term "service-oriented" has existed for some time, it has
More informationSecure Integration of the PersoApp-Open-Source-Library
Secure Integration of the PersoApp-Open-Source-Library Konstituierende Sitzung des Beirates BMI, September 4, 2013 Fraunhofer SIT Agenda I. Security- and quality management measures of the PersoApp-Open-Source-Library
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at http://www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2003 Vol. 2, No. 5, September - October 2003 Using Quality Models to Engineer Quality
More informationSTOCHASTIC MODELS AND MOBILE E-COMMERCE: Are stochastic models usable in the analysis of risk in mobile e-commerce?
STOCHASTIC MODELS AND MOBILE E-COMMERCE: Are stochastic models usable in the analysis of risk in mobile e-commerce? by Siv Hilde Houmb University college of Østfold 15. February 2002 PREFACE Living in
More informationDigital Industries Apprenticeship: Occupational Brief. Unified Communications Trouble Shooter. March 2016
Digital Industries Apprenticeship: Occupational Brief Unified Communications Trouble Shooter March 2016 1 Digital Industries Apprenticeships: Occupational Brief Level 4 Unified Communications Trouble Shooter
More informationDigital Industries Apprenticeship: Occupational Brief. Unified Communications Trouble Shooter. March 2016
Digital Industries Apprenticeship: Occupational Brief Unified Communications Trouble Shooter March 2016 1 Digital Industries Apprenticeships: Occupational Brief Level 4 Unified Communications Trouble Shooter
More informationRational Unified Process (RUP) in e-business Development
Rational Unified Process (RUP) in e-business Development Jouko Poutanen/11.3.2005 2004 IBM Corporation Agenda Characteristics of e-business Development Business Modeling with RUP and UML Rational Tools
More information2013 Rational Software Open Labs
2013 Rational Software Open Labs Target to better LEARNING (not substitution for full training course) Software Choose from one or more of twelve Self-Paced, Hands-On Labs: Rational System Architect for
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2003 Vol. 2, No. 3, May-June 2003 Don t Rip and Replace, Integrate! Mahesh H. Dodani, IBM
More informationPrerequisites It is recommended that the participants have a working knowledge of traditional Business Analysis tasks and techniques.
BA31 - Unified Modeling Language (UML) for Business Analysts This course will provide Business Analysts with new capabilities to improve their skills with using visual modeling techniques to document requirements.
More informationIndustrial IT System 800xA Engineering
Industrial IT System 800xA Engineering Overview Features and Benefits Integrated Engineering Environment Supports the engineering of the entire extended automation system - from field device to plant management
More informationSoftware Assurance Ecosystem
Software Assurance Ecosystem Djenana Campara Chief Executive Officer, KDM Analytics Board Director, Object Management Group (OMG) Co-Chair Software Assurance and Architecture Driven Modernization, OMG
More informationThe Maintenance Pro s Guide to Controller Replacement: Plan Your Strategy
Digital Factory The Maintenance Pro s Guide to Controller Replacement: Plan Your Strategy usa.siemens.com/modernize The Maintenance Pro s Guide to Controller Replacement: Plan Your Strategy Digital Factory
More informationdummy activity 301 dynamic model 265 functional mental model 70 functions 316
396 Index Index A abstract classes 137 abstract operation 137 abstract syntax 129, 133 account 52 activity -dimension 238 activity diagrams 12, 294, 315 activity graph 298 actor stereotypes 361 aggregation
More informationModel-Based Enterprise Information System Architectural Design with SysML
9th International Conference on Research Challenges in Information Science, May 13-15 2015, Athens, Greece Doctoral Consortium Model-Based Enterprise Information System Architectural Design with SysML
More informationIndustry 4.0 What does it Mean for CAPIEL Manufacturers?
Industry 4.0 What does it Mean for CAPIEL Manufacturers? 1 INTRODUCTION Manufacturing industry has entered in a new phase of changes, which foresee digital technologies to be integrated within the heart
More informationRequirements Analysis
Requirements Analysis Analysis and Design? Analysis emphasizes an investigation of the problem and requirements, rather than a solution. Analysis = requirements analysis + object analysis. Requirement
More informationAsset Management and Dependability Supporting the Business. James (Jim) Kennedy CPEng, CFAM, CAMA
Asset Management and Dependability Supporting the Business James (Jim) Kennedy CPEng, CFAM, CAMA Coverage Text The burning platform for change in Dependability standards Technical Committee TC 56 13 Countries
More informationHARMONIZATION OF STANDARDS FOR ENTERPRISE INTEGRATION AN URGENT NEED. Martin Zelm
HARMONIZATION OF STANDARDS FOR ENTERPRISE INTEGRATION AN URGENT NEED Martin Zelm CIMOSA Association Gehenbuehlstr 18a, D-70499 Stuttgart e-mail: martin.zelm@cimosa.de Abstract: Business globalisation requires
More informationChapter 16 Software Reuse. Chapter 16 Software reuse
Chapter 16 Software Reuse 1 Topics covered The reuse landscape Application frameworks Software product lines COTS product reuse 2 Software reuse In most engineering disciplines, systems are designed by
More informationChapter 16 Software Reuse. Chapter 16 Software reuse
Chapter 16 Software Reuse 1 Topics covered What is software reuse? Benefit and problems with reuse. The reuse landscape Application frameworks Software product lines COTS product reuse 2 Software reuse
More informationPROCESS AUTOMATION FOR DISTRIBUTION OPERATIONS MANAGEMENT. Stipe Fustar. KEMA Consulting, USA. Components
PROCESS AUTOMATION FOR DISTRIBUTION OPERATIONS MANAGEMENT Stipe Fustar KEMA Consulting, USA INTRODUCTION To prosper in a competitive market, distribution utilities are forced to better integrate their
More informationCertification Exam Content Outline: Certification in Monitoring, Evaluation, Accountability, and Learning (MEAL) FINAL (8 September 2017)
Certification Exam Content Outline: Certification in Monitoring, Evaluation, Accountability, and Learning (MEAL) FINAL (8 September 2017) Domain 1: Components, concepts, and principles of MEAL/Situating
More informationThe Integrator s Guide to Controller Replacement: Plan Your Strategy
Digital Factory The Integrator s Guide to Controller Replacement: Plan Your Strategy usa.siemens.com/modernize The Integrator s Guide to Controller Replacement: Plan Your Strategy Digital Factory As an
More informationThe Rational Unified Process for Systems Engineering PART II: Distinctive Features
The Rational Unified Process for Systems Engineering PART II: Distinctive Features by Murray Cantor Principal Consultant Rational Software Corporation In Part I of this article, published in last month's
More informationC2-304 INTEGRATED INFORMATION SYSTEM FOR THE SIEPAC REGIONAL ELECTRICITY MARKET
21, rue d'artois, F-75008 Paris http://www.cigre.org C2-304 Session 2004 CIGRÉ INTEGRATED INFORMATION SYSTEM FOR THE SIEPAC REGIONAL ELECTRICITY MARKET RENATO CÉSPEDES *, KEMA (Colombia) LEON MADRID, KEMA
More informationDistributed Models for Brokerage on Electronic Commerce I
Distributed Models for Brokerage on Electronic Commerce I Isabel Gallego, isabel@ac.upc.es Jaime Delgado, delgado @ ac.upc.es Jos6 J. Acebr6n, acebron@ac.upc.es Telematic Applications Group Computer Architecture
More informationSoftware Life Cycle. Main Topics. Introduction
Software Life Cycle Main Topics Study the different life cycle models Study the difference between software maintenance and evolution Study product line engineering as a design methodology 2 Introduction
More informationRequirements Knowledge Model. Business. Event. Business. responding. Business. Use Case 1.. Business tracing * * * * Requirement
Requirements Knowledge Model This model provides a language for communicating the knowledge that you discover during requirements-related activities. We present it here as a guide to the information you
More informationTECHNICAL SPECIFICATION
TECHNICAL SPECIFICATION IEC TS 62832-1 Edition 1.0 2016-12 colour inside Industrial-process measurement, control and automation Digital factory framework Part 1: General principles INTERNATIONAL ELECTROTECHNICAL
More informationDigital Industries Apprenticeship: Occupational Brief. Software Development Technician. September 2016
Digital Industries Apprenticeship: Occupational Brief Software Development Technician September 2016 1 Digital Industries Apprenticeships: Occupational Brief Level 3 Software Development Technician Apprenticeship
More informationDigital Industries Apprenticeship: Occupational Brief. Software Development Technician. September 2016
Digital Industries Apprenticeship: Occupational Brief Software Development Technician September 2016 1 Digital Industries Apprenticeships: Occupational Brief Level 3 Software Development Technician Apprenticeship
More informationArchitecture Development Methodology for Business Applications
4/7/2004 Business Applications Santonu Sarkar, Riaz Kapadia, Srinivas Thonse and Ananth Chandramouli The Open Group Practitioners Conference April 2004 Topics Motivation Methodology Overview Language and
More informationThe Manager s Guide to Controller Replacement: Plan Your Strategy
Digital Factory The Manager s Guide to Controller Replacement: Plan Your Strategy usa.siemens.com/modernize The Manager s Guide to Controller Replacement: Plan Your Strategy Digital Factory As a plant
More informationThe good news. 34% of software projects succeed. Standish Group, CHAOS Report, 2003
The good news 34% of software projects succeed. Standish Group, CHAOS Report, 2003 1 The bad news That means 66% failed! Standish Group, CHAOS Report, 2003 2 Best Practices Develop Iteratively Manage Requirements
More informationRequirements Engineering
Requirements Engineering Software Engineering Andreas Zeller Saarland University Requirements Engineering The Real World Requirements Engineering A description of what the system should do (but not how)
More informationSoftware Processes. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 4 Slide 1
Software Processes Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 4 Slide 1 Objectives To introduce software process models To describe three generic process models and when they may be
More informationThe software process
Software Processes The software process A structured set of activities required to develop a software system Specification; Design; Validation; Evolution. A software process model is an abstract representation
More informationThe Systems Development Lifecycle
Modelling and Systems Development Lecture 2 The Systems Development Lifecycle The four-phase model common to all system developments projects The project Major attributes of the Lifecycle Moves systematically
More informationComparison of Common Criteria and CORAS *
Comparison of Common Criteria and CORAS * Soop Oliver This essay gives an overview of the two security risk management approaches that are widely used, Common Criteria and CORAS. Both of the approaches
More informationREQUIREMENTS ENGINEERING
1 REQUIREMENTS ENGINEERING Chapter 4- by Ian Sommerville TOPICS COVERED Functional and non-functional requirements The software requirements document Requirements specification Requirements engineering
More informationFUNDAMENTAL SAFETY OVERVIEW VOLUME 2: DESIGN AND SAFETY CHAPTER G: INSTRUMENTATION AND CONTROL
PAGE : 1 / 14 SUB CHAPTER G.6 I&C PROCEDURES AND TOOLS 1. STANDARD I&C SYSTEM This section describes the tools used for PAS/SAS (level 1 automation data) and MCP[PICS] (HMI) I&C programming. It includes
More informationISO 2018 COPYRIGHT PROTECTED DOCUMENT All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of th
INTERNATIONAL STANDARD ISO 31000 Second edition 2018-02 Risk management Guidelines Management du risque Lignes directrices Reference number ISO 31000:2018(E) ISO 2018 ISO 2018 COPYRIGHT PROTECTED DOCUMENT
More informationSoftware Reuse. Ian Sommerville 2006 MSc module: Advanced Software Engineering Slide 1
Software Reuse Ian Sommerville 2006 MSc module: Advanced Software Engineering Slide 1 Objectives To explain the benefits of software reuse and some reuse problems To discuss several different ways to implement
More informationEnterprise Architecture Development
Methodology Overview Prepared For: Our Valued Clients Introduction Page 2 Engagement Objectives Perform an assessment of the current Enterprise against the short and long term IT and Business Strategic
More informationInformatics Nurse Board Certification Test Content Outline
Informatics Nurse Board Certification Test Content Outline There are 175 questions on this examination. Of these, 150 are scored questions and 25 are nonscored pretest questions. Questions are pretested
More informationEE 446 EMBEDDED ARCHITECTURE Embedded System in UML
EE 446 EMBEDDED ARCHITECTURE Embedded System in UML Airs Lin UML (UNIFIED MODELING LANGUAGE) 1 What is UML? Created and developed by Grady Booch, Ivar Jacobson, and James Rumbaugh at Rational Software
More informationEnterprise Architecture Dealing with Complexity and Change
member of Enterprise Architecture Dealing with Complexity and Change Introduction to Business-IT Alignment and Enterprise Architecture 1 Drivers for Change can be internal and external External Drivers
More informationSoftware Processes. Objectives. Topics covered. The software process. Waterfall model. Generic software process models
Objectives Software Processes To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More information4. INTRODUCTION TO STANDARDS AND CONCEPTS FOR DATA HARMONIZATION AND DEVELOPMENT OF ELECTRONIC TRADE DOCUMENTS
4. INTRODUCTION TO STANDARDS AND CONCEPTS FOR DATA HARMONIZATION AND DEVELOPMENT OF ELECTRONIC TRADE DOCUMENTS Modern global trade takes place in a multilingual environment, touches the legislation of
More informationObjectives. The software process. Topics covered. Waterfall model. Generic software process models. Software Processes
Objectives Software Processes To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More informationISO INTERNATIONAL STANDARD. Health informatics Requirements for an electronic health record architecture
INTERNATIONAL STANDARD ISO 18308 First edition 2011-04-15 Health informatics Requirements for an electronic health record architecture Informatique de santé Exigences relatives à une architecture de l'enregistrement
More informationTopics covered. Software process models Process iteration Process activities The Rational Unified Process Computer-aided software engineering
Software Processes Objectives To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More informationDigital Industries Apprenticeship: Occupational Brief. Infrastructure Technician. January 2017
Digital Industries Apprenticeship: Occupational Brief Infrastructure Technician January 2017 1 Digital Industries Apprenticeships: Occupational Brief Level 3 Infrastructure Technician Apprenticeship Minimum
More informationWhat are requirements? Basics of Requirement Engineering. Definition of a Stakeholder. Stated Vs. Real Requirements. Stated Vs.
What are requirements? Basics of Requirement Engineering Muzaffar Iqbal Farooqi A requirement is a necessary attribute in a system, a statement that identifies a capability, characteristic, or quality
More informationSERVICE ORIENTED ARCHITECTURE (SOA)
International Civil Aviation Organization SERVICE ORIENTED ARCHITECTURE (SOA) ICAO APAC OFFICE BACKGROUND SOA not a new concept. Sun defined SOA in late 1990s to describe Jini. Services delivered over
More informationScaling Up & Scaling Down
Iterative Project Management: A Scalable Approach to Managing Software Development Projects 1 Iterative software development methodologies offer many benefitsfor modern software development projects but
More informationAGRIFOOD FRONTRUNNER IN IOT
AGRIFOOD FRONTRUNNER IN IOT IoF2020 The Internet of Food and Farm GEORGE BEERS Venlo, June 29, 2017 ADVANCEMENTS IN FARMING SMART SENSING & MONITORING BIG DATA SMART ANALYSIS & PLANNING SMART CONTROL JANUARY
More informationSession Nine: Functional Safety Gap Analysis and Filling the Gaps
Session Nine: Functional Safety Gap Analysis and Filling the Gaps Presenter Colin Easton ProSalus Limited Abstract Increasingly regulatory and competent authorities are looking to hazardous Installation
More informationPSS E. High-Performance Transmission Planning Application for the Power Industry. Answers for energy.
PSS E High-Performance Transmission Planning Application for the Power Industry Answers for energy. PSS E architecture power flow, short circuit and dynamic simulation Siemens Power Technologies International
More informationWork Product Dependency Diagram
Work Product Dependency Diagram Project Definition System Context Subject Area Model Architectural Decisions Requirements Matrix Use Case Model Service Model Non Functional Requirements Component Model
More informationTechniques and benefits of incorporating Safety and Security analysis into a Model Based System Engineering Environment
Techniques and benefits of incorporating Safety and Security analysis into a Model Based System Engineering Environment Gavin Arthurs P.E Solution Architect Systems Engineering IBM Software, Rational Common
More informationThe Digital Twin in the water business in context with ISA 95
The Digital Twin in the water business in context with ISA 95 From Data to value Frei verwendbar Siemens AG 2018 siemens.com Agenda What s behind ISA-95? Idea of the digital twin Benefit of the digital
More informationComponent-Based Software Engineering. ECE493-Topic 5 Winter Lecture 27 Component Based Development Process (Part A)
Component-Based Software Engineering ECE493-Topic 5 Winter 2007 Lecture 27 Component Based Development Process (Part A) Ladan Tahvildari Assistant Professor Dept. of Elect. & Comp. Eng. University of Waterloo
More informationOracle s Hyperion System 9 Strategic Finance
Oracle s Hyperion System 9 Strategic Finance June 2007 Light Use... 3 Heavy Use... 3 Client Machine... 3 Server Machine... 3 Client Machine... 3 Server Machine... 3 Data Integration... 3 The Hyperion System
More informationMark VIeS. A SIL 2 and SIL 3 functional safety system for today s connected world. geautomation.com
Mark VIeS * A SIL 2 and SIL 3 functional safety system for today s connected world geautomation.com Mark VIeS Functional Safety System In today s world of brilliant machines, operators require high-performance
More informationService oriented architecture solutions White paper. IBM SOA Foundation: providing what you need to get started with SOA.
Service oriented architecture solutions White paper IBM SOA Foundation: providing what you need to get started with SOA. September 2005 Page 2 Contents 2 Executive summary 2 SOA: the key to maximizing
More informationChapter 3 Prescriptive Process Models
Chapter 3 Prescriptive Process Models - Generic process framework (revisited) - Traditional process models - Specialized process models - The unified process Generic Process Framework Communication Involves
More informationCroatian Strategy for the Development of Public Administration for the period from 2015 to 2020
doi: 10.17234/INFUTURE.2015.5 Case study Croatian Strategy for the Development of Public Administration for the period from 2015 to 2020 Leda Lepri Assistant Minister Ministry of Public Administration
More informationPISA. (Planning, Integration, Security and Administration) An Intelligent Decision Support Environment for IT Managers and Planners.
NGE Solutions Building the Next Generation Enterprises PISA (Planning, Integration, Security and Administration) An Intelligent Decision Support Environment for IT Managers and Planners Demo Example May
More informationAnnex 7 - Critical Success Factors
Annex 7 - This annex presents the critical success factors if future interoperability endeavours are to be successful. These can be considered as additional elements, collected during the interviews, with
More informationIBM Hybrid Cloud. How to Architect Anything. Peter Eeles. Worldwide Lead for DevOps Adoption Executive IT Architect IBM Cloud
How to Architect Anything IBM Hybrid Cloud Peter Eeles Worldwide Lead for DevOps Adoption Executive IT Architect IBM Cloud peter.eeles@uk.ibm.com About Me Graduated in 1985 Mechanical engineering @ Dowty
More informationThe Course Modules for TOGAF Online Certification Training: 1. Introduction. TOGAF Structure. 2. Core Concepts
The Course Modules for TOGAF Online Certification Training: 1. Introduction An introduction to TOGAF TOGAF Structure 2. Core Concepts Definition of key concepts and terms Architecture Framework 3. ADM
More informationIntroduction. Figure 1-1
Chapter Objectives Discuss the impact of information technology on business strategy and success Define an information system and describe its components Explain how profiles and models can represent business
More informationChapter 1. Contents. 1.1 What is Software Engineering! Solving Problems. Objectives. What is Software Engineering
Chapter 1 What is Software Engineering Shari L. Pfleeger Joanne M. Atlee 4 th Edition Contents 1.1 What is Software Engineering? 1.2 How Successful Have We Been? 1.3 What Is Good Software? 1.4 Who Does
More informationBUSINESS REQUIREMENTS SPECIFICATION (BRS)
1 Nov., 2012 UN/CEFACT Simple, Transparent and Effective Processes For Global Commerce BUSINESS REQUIREMENTS SPECIFICATION (BRS) Business Domain: Travel/Tourism Domain Business Process: Small scaled Lodging
More informationInformation Technology Audit & Cyber Security
Information Technology Audit & Cyber Security Use Cases Systems & Infrastructure Lifecycle Management OBJECTIVES Understand the process used to identify business processes and use cases. Understand the
More informationEUROPEAN COMMISSION DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION Resources Customs systems & IT operations IT STRATEGY
EUROPEAN COMMISSION DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION Resources Customs systems & IT operations Brussels, 30.11.2017 taxud.a.3(2017)6498377 MASP ANNEX 5 Revision 2017 v1.4 IT STRATEGY 1. HOW
More informationCyber Security - a New Challenge for Production (Management) Heiko Wolf, Manager R&D Program PSImetals FutureLab
Cyber Security - a New Challenge for Production (Management) Heiko Wolf, Manager R&D Program PSImetals FutureLab The Challenge Complexity of IT-Systems is rising Landing on the moon with 7.500 lines of
More informationFast and High-Quality Modern Software Testing Framework
White Paper Application Delivery Management Fast and High-Quality Modern Software Testing Framework Table of Contents page Introduction... 1 The Shift Left Movement... 1 The Modern Framework: Three Core
More informationEssentials of IBM Rational Requirements Composer, v3. Module 4: Creating a use-case model
Essentials of IBM Rational Requirements Composer, v3 Module 4: Creating a use-case model Copyright IBM Corporation 2010, 2011 Module overview After completing this module, you should be able to: Explain
More informationInception. Describe the vision and business case for this project. Determine if the enterprise should build or buy the necessary system.
Inception What needs to be done? Describe the vision and business case for this project. Determine if the project is feasible. Determine if the enterprise should build or buy the necessary system. Make
More informationWKU-MIS-B11 Management Decision Support and Intelligent Systems. Management Information Systems
Management Information Systems Management Information Systems B11. Management Decision Support and Intelligent Systems Code: 166137-01+02 Course: Management Information Systems Period: Spring 2013 Professor:
More informationSession-2: Deep Drive into Non Functional Requirements (NFRs)
Session-2: Deep Drive into Non Functional Requirements (NFRs) Important Points to Note All Participating colleges are requested to mute your telephone lines during the webinar session. Participants are
More informationImproving Engineering Governance for Large Infrastructure Projects
Multi-Level and Transnational Governance Issues Improving Engineering Governance for Large Infrastructure Projects William Scott 1, Gary Arabian 2, Peter Campbell 1 and Richard Fullalove 2 1 SMART Infrastructure
More informationPutting Industry 4.0 into practice With smart connections from sensor to cloud Let s connect. Digitalisation and Automation
Putting Industry 4.0 into practice With smart connections from sensor to cloud Let s connect. Digitalisation and Automation Future-proof Industry 4.0 solutions With a combination of automation and digitalisation
More informationICT budget and staffing trends in Germany
ICT budget and staffing trends in Germany Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... Error! Bookmark not 1.1 Introduction... Error! Bookmark not 1.2
More informationCHALLENGES (BARRIERS) IN ADOPTING THE ELECTRONIC COMMERCE SYSTEM IN LIC OF INDIA
CHAPTER-6 CHALLENGES (BARRIERS) IN ADOPTING THE ELECTRONIC COMMERCE SYSTEM IN LIC OF INDIA 6.1 Introduction : e-insurance is the application of Internet and related technologies to the production and distribution
More information