Beyond Risk Propagation: A Unified Approach
Alessandro Mosca; Giancarlo Guizzardi
2025
Abstract
Risk propagation encompasses a plethora of techniques for analyzing how risk spreads in a given system. Due to the complexity and variety of the domain of application, risk propagation turns out to be a conceptually complex notion. So far several design and implementation solutions in this area have focused on how risk can be quantified, and in what sense it can be propagated in a network of correlated events. However, situations that are usually considered for the propagation of risk involve key concepts of different types, which are rarely limited to a chain of events and their probabilities. In this paper, we provide a novel account of risk propagation via an ontology-driven approach. The proposal stems from a well-founded ontological analysis and aims at modeling the phenomenon of risk propagation according to multiple epistemic dimensions, which involve objects, assets, the agents involved, and their objectives. We test our approach on an implementation and we show how the proposed solution can be used to aid in addressing multiple risk analysis tasks, including a demonstrative case from the cybersecurity domain.


