INM383 - Introduction to dependability and resilience
This module can be taken as part of a Postgraduate course or as a 5-day Continuous Professional Development (CPD) course.
Rationale
Dependability (including security) and resilience are essential requirements for computer-based systems and computer-using organisations.
Awareness of these problems is growing, but without an effective intellectual framework for identifying and analysing the multiple risks and potential remedies, action to deal with risk can be fragmentary and unbalanced; feasible remedies may be ignored, or unwarranted assumptions made that leave organisations with a false sense of security, or alternatively of helplessness. Organisations can be at risk from focusing on only some threats while ignoring others; or on only some remedies, which in the circumstances may be infeasible, ineffective or not cost-effective, while ignoring others. For instance, many of the COTS computing products available may leave much to be desired, and yet organisations can protect themselves by more resilient design of the systems and procedures in which these are embedded.
Most professionals dealing with potentially risky uses of computing need awareness of risks - physical failure, design errors in computers and in organisations, risks that arise from employee and user behaviour, and the way these can be exploited by malicious parties - and of the range of remedies.
Educational Aims
This module is aimed at people who need to deal professionally with computer systems, software, and organisations and engineered systems dependent on computers and software, in a development, procurement, management or operation capacity; or who need a systematic introduction to the topic as preparation for more complete study of its various technical specialties. It gives them a panorama of risks and of possible defences, enables them to decide on the adoption of defences in simple cases by appropriate analyses, and to recognise the role of the various bodies of specialist knowledge in supporting analyses and decisions about dependability and resilience in more complex situations.
Module Learning Outcomes
Upon successful completion of this programme, a student will be expected to be able to:
Knowledge and understanding
- Identify basic computing-related risks in an operational environment using computers
- Use a standard hazard analysis technique for identifying risks
- Identify trade-offs between dependability requirements
Values and Attitudes
- Be attentive to risk and balances between productivity, innovation and risk and between types of risk
- Take responsibility for controlling risk and calling for investment or technical help
Cognitive/Intellectual Skills
- Critically evaluate research and literature relating to dependability, security and resilience
- Use preliminary hazard analysis techniques and recognise the roles of basic tools and techniques for solving concrete dependability problems
- Undertake critical evaluation of alternative design solutions for systems and organisations, and identify any further technical input needed towards a decision
Subject Specific Skills
- Identify risk containment needs and produce preliminary analyses of possible defences selected from both avoidance and mitigation techniques, both technical and organisational
- Identify basic cost-benefit trade-offs in the application of defences and explain the human and organisational factors affecting risk and risk containment
- Produce arguments to make management aware of risk and of the need for risk control investment; recognise basic fallacies in such arguments
Transferable Skills
- Create professional reports of problem analyses
- Detect and explain some of the standard fallacies in dependability and safety
- Take into account psychological and social factors in the operation of systems and organisations
Content
Threats to dependability (examples and case studies); basic concepts, definitions and types of requirements in dependability, security, resilience in relation to IT systems; systematic methods for identifying hazards; basic concepts and examples about means for dependability and resilience: fault avoidance, removal and tolerance, at the technical and at the organisational levels; fundamental design trade-offs; introduction to the means for assessing dependability and resilience; introduction to socio-technical systems; resilience, safety, dependability and security cultures