Automated risk management system – Decision making support for continuous improvement of IT mission assurance


  1. Henderson, G.
  2. Sawilla, R.
  3. Matwin, S.
  4. Bacic, E.
  5. Tremblay, L.
  6. Sayyad-Shirabad, J.
  7. De Souza, E.N.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Communications and Information Technology is identified by Public Safety Canada as one of the ten critical infrastructure sectors. This sector in particular, and all critical infrastructure sectors in general, are heavily reliant upon information technology systems for operations, planning, communication, logistics, command, and control. Effective service provision, disaster planning, and disaster recovery all require a comprehensive understanding of the system-wide cascading impacts of a security incident. Cascading effects not only significantly broaden the impact of a single incident but can also trigger new events involving other infrastructure services. The problem is particularly challenging for information technology networks since, in addition to the dynamically changing operational priorities germane to all networks, one must also consider the dynamicity of the network itself. We discuss methods to consistently and, where possible, automatically capture interdependencies from governance to business services to infrastructure to physical location. Risk management methodologies are reviewed for their applicability to an automated system. Existing technologies for computing quantitative criticality metrics are reviewed in relation to their ability to respond to changing business needs and infrastructure. These foundational elements enable course of action planning to reduce and mitigate risks, while considering cascading impacts. High-level design and requirements are p

There is a French abstract here.

Report Number
DRDC-OTTAWA-TR-2012-060 — Technical Report
Date of publication
01 May 2012
Number of Pages
Electronic Document (PDF)
