Keywords: critical infrastructures, goal-based risk analysis, qualitative risk assessment, quantitative risk assessment, risk identification, risk mitigation, business risks, risk management, e-government, electronic government, enterprise dependencies
Identifying and evaluating risks related to enterprise dependencies: a practical goal-driven risk analysis framework
This paper suggests a framework for identifying the extent to which an organisation depends on services and resources provided by either external or internal technological infrastructures and for evaluating the corresponding business risks. By combining the advantages provided by a goal-driven organisation modelling technique with the analysis capabilities of an infrastructures simulator, the proposed framework provides a valuable managerial support for identifying, analysing, and eventually mitigating risks associated with enterprise dependencies. Its practical application is illustrated in a simplified context using e-government project data.