Ontology Based Risk Management

  • Giancarlo Nota
  • Rossella Aiello
  • Maria Pia Di Gregorio
Conference paper
Part of the New Economic Windows book series (NEW)


Risk management in several application domains has received increasing attention in recent years, especially when it must be pursued in a network of interacting systems. The motivation is that, although risk management models and techniques are mature enough to handle risk in the context of a single system, risk evaluation in a network of systems is much more difficult to model and manage. Because of the lack of risk awareness, it is difficult to perceive how risks propagate within the network of systems. On the other hand, the lack of shared goals and knowledge is itself a risk, so we need a good paradigm to organize and communicate information.

In this paper we first introduce a metamodel that represents the fundamental structure from which distributed risk management models can be derived for several application domains. This abstraction arises from an approach to risk management based on the definition of risk ontologies. A risk ontology is specialized to represent and share risk knowledge in a given application domain; by changing the underlying ontology, the metamodel can be adapted to a new application domain, so that the logic for risk management can be reused with a reasonable tailoring effort.

Two case studies are discussed in the paper as possible implementations of risk management systems based on the proposed metamodel.


Sensor Network, Risk Management, Risk Exposure, Mitigation Action, Virtual Enterprise
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Italia 2010

Authors and Affiliations

  • Giancarlo Nota (1)
  • Rossella Aiello (1)
  • Maria Pia Di Gregorio (1)
  1. Department of Mathematics and Computer Science, University of Salerno, Fisciano, Italy
