Security Engineering for Lifelong Evolvable Systems

Evaluation of existing methods and principles in risk analysis

The purpose of the Evaluation of existing methods and principles in risk analysis report was to evaluate existing methods and principles for risk assessment and risk analysis of security, privacy and dependability. In this evaluation the SecureChange partners identified strengths and weaknesses of existing methods and techniques with respect of assessing and analysing risk of long-lived, changing and evolving systems.

The deliverable is structured as follows:

  • In Section 2 we present a first classification of kinds of change, provide a brief presentation of the industrial case studies, and define initial success criteria for the innovations of the project.
  • In Section 3 we present the state-of-the-art itself; i.e. existing approaches to management, modelling, assessment and analysis of risk and of change. 
  • In Section 4 we evaluate the state-of-the-art from Section 3 with respect to the criteria presented in Section 2.
  • In Section 5 we provide conclusions and directions for the work in the SecureChange project.
  • In the appendix we provide a glossary of central risk analysis concepts.

Read the full public report.