1. The document proposes an innovative approach to analyze quality and risks for any system using uniform mathematical models and software tools.
2. Currently, quality analysis and risk estimation are done mainly qualitatively without independent quantitative assessment. Admissible risks cannot be compared across different areas due to differing methodologies.
3. The proposed approach applies general properties of system processes over time to create universal models, approved through examples, to optimize quality and risks. This allows quantitative estimates of acceptable quality and admissible risk levels in a uniform interpretation.
1. Prof.Prof. AndreyAndrey KostogryzovKostogryzov
Moscow, Russia, RIAMC akostogr@gmail.comakostogr@gmail.com ,, www.mathmodels.netwww.mathmodels.net
INNOVATIVEINNOVATIVE
APPROACHAPPROACH
TO ANALYZE QUALITYTO ANALYZE QUALITY
AND RISKSAND RISKS
2. AgendaAgenda
1. The main changes in system standards (turn to system
engineering)
2. Analysis of practice to provide system quality and safety
(for industrial, fire, radiating, nuclear, chemical, biological, transport,
ecological systems, safety of buildings and constructions, information
systems)
3. The way to purposeful rise of quality and safety for any
system (identical input for mathematical modeling, uniform accessible
models, probability of success and risk of failure in process development as
results of modeling, dozens examples for different systems, fast analytical
report in 3 minutes through Internet)
4. The original mathematical models and software tools as a
brain of the offered innovative approach (based on the theory of
random processes, system analysis and operation research)
5. Examples of forecasting system operation, interpretations
of results, recommendations (for understanding acceptable
probability levels of quality and risks in different spheres)
3. 1. The main changes in1. The main changes in
system standardssystem standards
(turn to system engineering)(turn to system engineering)
4.
5. The main problemsThe main problems in the field of system andin the field of system and
software engineeringsoftware engineering ((interdependedinterdepended))
The problem of risks inThe problem of risks in
system life cyclesystem life cycle
(ISO/IEC15288, 16085,(ISO/IEC15288, 16085,
Regulations etc.)Regulations etc.)
The problem ofThe problem of
quality managementquality management
((ISO/IEC15288,ISO/IEC15288, 9001,9001,
10017,1146210017,11462 etc.)etc.)
The problem ofThe problem of
software qualitysoftware quality
(12207, 9126, 12119,(12207, 9126, 12119,
15504,1593915504,15939 etc.)etc.)
The problem of informationThe problem of information
systems operation qualitysystems operation quality
((GOST RVGOST RV 5198751987 etc.)etc.)
The problem ofThe problem of
informationinformation
security (security (17799,17799,
15408, 1544315408, 15443 etc.)etc.)
The problem ofThe problem of
system reliabilitysystem reliability
(IEC 300(IEC 300--1,2,31,2,3
etc.)etc.)
The problem ofThe problem of
““human factorhuman factor””
(13407, 18529(13407, 18529
etc.)etc.)
6. Point 1. There are objective needs for system analysis
and optimization quality and risks
7. Point 2. Today processes and systems operation arePoint 2. Today processes and systems operation are
the main objects for analysisthe main objects for analysis
Example from
ISO/IEC 15288
What about the objects for system analysis?What about the objects for system analysis?
8. 2. Analysis of practice to2. Analysis of practice to
provide system quality andprovide system quality and
safetysafety
(for industrial, fire, radiating, nuclear, chemical, biological,(for industrial, fire, radiating, nuclear, chemical, biological,
transport, ecological systems, safety of buildings andtransport, ecological systems, safety of buildings and
constructions, information systems)constructions, information systems)
9. Method 1. The chord is longer, when
its middle lays in a circle entered in a
triangle. The radius of this entered
new circle is equal to half of radius of
an initial circle. Hence, the area of
the entered circle is ¼ of the area of
an initial circle
Point 3. One problem can be solved by various correct
methods, but results can essentially differ!
Let’s remember paradox of Bertrand J.L.
(book “Calcul des probabilites”, 1889)
Simple problem. To find probability of that at random chord is longer than the party
of the equipotential triangle entered in a circle
by area
P = ¼
by arches
P = 1/3
by radius
P = 1/2
Method 3. Let's choose a random
point on radius of a circle and we
take a chord which is perpendicular
to this radius and passes through the
chosen point. Then the chord is
longer if the point lays on that half of
radius which is near to centre. P=1/2
Method 2. Triangle tops divide
a circle into three equal
arches, and the casual chord
is longer if it crosses this
triangle, i.e. the required
probability is equal 1/3
All results are correct but difference is 100%
10. Point 4. Generally risk estimations from one sphere do not
use in other spheres because of methodologies for risk
analysis are different, interpretations are not identical
As a result of analyzing practice approaches to safety
(to industrial, fire, radiating, nuclear, chemical, biological, transport, ecological
systems, safety of buildings and constructions, information security)
Conclusion 1
For the spheres of industrial, fire, radiating, nuclear, aviation safety in
which already there were numerous facts of tragedies - requirements to
admissible risks are expressed quantitatively at probability level and
qualitatively at level of necessary requirements to the initial materials, used
resources, protective technologies and operation conditions
11. Point 5. The methods for quantitatively risk analysis are not
created. The term “Admissible risk” can not be defined because of
one depend on methods. Experience from other spheres is missing
Conclusion 2
For the spheres of chemical, biological, transport, ecological safety,
safety of buildings and constructions, information security, including
the conditions of terrorist threats – requirements to admissible risks are
set mainly at qualitative level in the form of requirements to performance.
It means impossibility of risks predictions and correct decisions of synthesis
problems to substantiate preventive measures against admissible risk
12. General situation for today
Point 1 Point 2 Point 3 Point 4 Point 5
Special models
of Institutes (R&D)
and Critical
Systems
Models
of
Universities
The existing approach
(everyone solves
the problems how can)
Resume
1. All organizations need
quantitative estimations,
but only some part from them
uses modeling complexes
2. Used models are highly
specialized, input and calculated
metrics are adhered strongly to
specificity of systems
3. Existing modeling complexes
have been created within the limits
of concrete order for the systems
and as a rule are very expensive
Summary
1. Analysis of quality and risks is carried out mainly at qualitative level with
assessments “better or worse”. Independent quantitative estimations at
probability level are carried out for specially created models
2. Admissible risks in different areas of the application are not comparable.
In general case optimization of risks is not carried out by solving classical
problems of synthesis
3. Wide training is impossible
…
13. 3.3. The way toThe way to purposeful rise
of quality and safety for anyfor any
systemsystem
(identical input for mathematical modeling, uniform(identical input for mathematical modeling, uniform
accessible models, probability of success and risk ofaccessible models, probability of success and risk of
failure in process development as results of modeling,failure in process development as results of modeling,
dozens examples for different systems, fast analyticaldozens examples for different systems, fast analytical
report in 3 minutes through Internet)report in 3 minutes through Internet)
14. prove the probability levels of «acceptable quality and admissible
risk» for different systems in uniform interpretation,
create technics to solve different problems for quality and risk
optimization, provide access for wide use and training
What is the offered way
to improve essentially this situation?
From standard processes
consider
General
properties
of the
processes
developed
in time line
create universal
mathematical models
and software tools
approve the models
on practice examples
optimization of
quality and risks
It is important to support system making-decisions in quality
and safety and/or avoid wasted expenses in system life cycle
Expected pragmatic
effect from application
15. General
properties
of the
processes
developed
in time line
Example 1 of
considering
general
properties for
Risk analysis
The illustration of system
protection against dangerous influences
- time between the neighboring diagnostics;
- a required period Treq of permanent secure operation;
- as minimum, there is two diagnostics during a required period Treq
(the illustration of Treq middle);
- a required period Treq hasended after the last diagnostic;
- adander sourcehas penetrated before the next diagnostic;
- adander sourcehas not penetrated into system;
-a penetrated dander source hasactivated before the next diagnostic;
- apenetrated dander source hasnot activated before the next diagnostic
t
Cases: 1 2 3 4 5
… …
16. Industrial safety
Fire safety
Radiating, nuclear safety
Chemical, biological
safety
Ecological safety
Transport safety
Safety of buildings and
constructions
Information securitysecurity
etc.etc.
System processes directs on maintenance of
system integrity (including risk-processes)
General
properties
of the
processes
developed
in time line
17. Random processes of information gathering and
processing, control and monitoring, threats development,
restoration of integrity are general
In all cases
effective risk management
for any system
is based on:
1) uses of materials,
resources, protective
technologies with
more best
characteristics from
the point of view of
safety, including
integrity restoration
2) rational application of
situation analysis,
effective ways of the
control and monitoring
of conditions and operative
restoration of integrity
3) rational application
of measures for risk
counteraction
General
properties
of the
processes
developed
in time line
18. General properties of the processes in
time line. Formalization of an
unauthorized access with due regard
resources value considering period of
objective value (POV)
Example 2 of
considering
general properties
for analyzing
information
systems operation
Quality
Interacted
systems
Subordinate
systems
SYSTEM
T he g eneral purpose of
o peratio n:
to m eet requirements for
providing reli able and timel y
producing com plete, vali d
and confidential information
for i ts following use
Information syst em
Users
Purposes
Requirements to
information
system
Use
condi tions
O perated
objects
Higher
systems
Resou rces
Sources
General
properties
of the
processes
developed
in time line
19. Required information quality (ideal)
Reliable, timely, complete, valid and
confidential information
Used information
(reflecting the potential threats realization)
non-confidential
non-actual
due to random errors missed during checking
with hidden distortions as a
result of unauthorized accesses
with hidden virus distortions
due to random faults of staff and usersincomplete
non-produced as a
result of system's
unreliability
untimely
due to processing intolerable
mistakesdoubtful
INFORMATION SYSTEM
Hardware / Software
Users
Systems operation support, including information access, integrity
and confidentiality providing
Operation service,
check-up and control
Calls (t) Results (t+δ) Other
information
systems and
users
Operated
objects
Real events and
objects of system's
application domain
. . .
t-∆
t-∆ t-∆…
Source 1
Source N
t-∆…
t t…
t t…
Data
communi-
cation,
check-up,
processing,
storage and
production
Data
communi-
cation,
check-up,
processing,
storage and
production
Data base
…
t-∆ … t-∆
… t-∆t-∆
required quality
The general purpose
for any information system
Interacted
systems
Subordinate
systems
SYSTEM
The general purpose of
operation:
to meet requirements for
providing reliable and timely
producing complete, valid
and confidential information
for its following use
Information system
Users
Purposes
Requirements to
information
system
Use
conditions
Operated
objects
Higher
systems
Resources
Sources
20. The role of methodology in system life cycleThe role of methodology in system life cycle
21.
22. 4.4.The original mathematicalThe original mathematical
models and software tools asmodels and software tools as
a brain of the offereda brain of the offered
innovative approachinnovative approach
(based on the theory of random processes, system analysis(based on the theory of random processes, system analysis
and operation research)and operation research)
23. Some mathematical models and their proofsSome mathematical models and their proofs--11
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
24. Some mathematical models and their proofsSome mathematical models and their proofs--22
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
25. Some mathematical models and their proofsSome mathematical models and their proofs--33
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
26. Some mathematical models and their proofsSome mathematical models and their proofs--44
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
basic
You can receive it on www.mathmodels.net
27. Some mathematical models and their proofsSome mathematical models and their proofs--55
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
basic
basic
You can receive it on www.mathmodels.net
28. Some mathematical models and their proofsSome mathematical models and their proofs--66
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
29. Some mathematical models and their proofsSome mathematical models and their proofs--77
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
30. Some mathematical models and their proofsSome mathematical models and their proofs--88
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
basic
You can receive it on www.mathmodels.net
31. Some mathematical models and their proofsSome mathematical models and their proofs--99
from the book “APPLICABLE METHODS TO ANALYZE AND OPTIMIZE SYSTEM PROCESSES” —
Moscow: “Armament. Policy. Conversion”, 2007, 328 p. – www.mathmodels.net
etc.
basic
basic
basic
You can receive it on www.mathmodels.net
32. The methodology toThe methodology to support an assessment ofsupport an assessment of
standard system processesstandard system processes accordingaccording
to ISO/IEC 15288 is implemented in software toolsto ISO/IEC 15288 is implemented in software tools
33. The offered 100 mathematical modelsThe offered 100 mathematical models
34. Agreement ProcessesAgreement Processes
Modeling Complex for Selecting a Suitable SupplierModeling Complex for Selecting a Suitable Supplier ““AcquisitionAcquisition””
Modeling Complex for Assessing the Execution of the AgreeModeling Complex for Assessing the Execution of the Agreementment ““SupplySupply””
36. Modeling Complex for Enterprise EnvironmentModeling Complex for Enterprise Environment
ManagementManagement ““Environment ManagementEnvironment Management””
37. Modeling Complex for Investment ManagementModeling Complex for Investment Management
““Investment ManagementInvestment Management ””
38. Modeling Complex for System Life Cycle ProcessesModeling Complex for System Life Cycle Processes
ManagementManagement ““Life Cycle ManagementLife Cycle Management””
39. Modeling Complex for Resource ManagementModeling Complex for Resource Management
““Resource ManagementResource Management””
40. Modeling Complex for Quality ManagementModeling Complex for Quality Management
““Quality ManagementQuality Management””
50. Modeling complex for stakeholder requirements definitionModeling complex for stakeholder requirements definition
““Requirements DefinitionRequirements Definition””
51. Modeling complex for requirements analysisModeling complex for requirements analysis
““Requirements analysisRequirements analysis”
52. Complex for architectural designComplex for architectural design
““Architectural designArchitectural design””
53. Modeling complex for evaluation human factorModeling complex for evaluation human factor
““Human factorHuman factor ”
54. Modeling complex for system implementationModeling complex for system implementation
““ImplementationImplementation””
55. Modeling complex for system integrationModeling complex for system integration
““IntegrationIntegration””
56. Modeling complex for system verificationModeling complex for system verification
““VerificationVerification””
57. Modeling complex for system transitionModeling complex for system transition
““TransitionTransition””
58. Modeling complex for system validationModeling complex for system validation
““ValidationValidation””
59. Modeling complex for system operationModeling complex for system operation
““OperationOperation””
60. Modeling complex for maintenance processModeling complex for maintenance process
““MaintenanceMaintenance””
61. Modeling complex for disposal processModeling complex for disposal process
““DisposalDisposal””
62. 5.5. Examples of forecastingExamples of forecasting
system operation,system operation,
interpretations of results,interpretations of results,
recommendationsrecommendations
(for understanding(for understanding probability levels of acceptableprobability levels of acceptable qualityquality
and admissible risks in different spheres)and admissible risks in different spheres)
68. АнализАнализ рисковрисков вв опасномопасном производствепроизводстве
Input: a frequency of essential events - to 100 conditional events at 1h, there are no more 1 % of
potentially dangerous events. Speed of semantic interpretation of event makes about 30 sec.
Frequency of errors of the dispatching personnel and failures of software of SCADA-system is 1
error in a year
Example 1. Estimation of risk of inadequate interpretation of
events by the dispatcher for 1 hour, 8 hours (one shift),
1 month, 1 year and 10 years of operation of SCADA-system
Such levels of risks for SCADA-systems can be
recognized as acceptable
69. Example 2. The forecast of efficiency of counteraction measures
to risks for 2 years and 15 years in pipes manufacture and use
1st measure – QMS at
the supplier;
2nd measure -
production quality check by all
recommended kinds and
methods of control within a
year and improvement of
times in 3 years;
3rd measure – the
control by SCADA-system;
4th measure - remote
sounding with preservation of
efficiency within the days,
carried out once a week;
5th measure - annual
local inspections with
preservation of efficiency
within a month;
6th measure -
integrated inspections of 1
times in 5 years with
preservation of efficiency
within a month;
7th measure -
electrochemical protection of
pipelines and means of
telemechanics
-----------------------------
1st measure – QMS
at the supplier;
2nd measure - the
control by SCADA-system;
3rd measure –
helicopter inspection and
regular radiographic
methods of the analysis
with preservation of
efficiency within the days,
carried out once a week;
4th measure -
annual local inspections
with preservation of
efficiency within a month;
5th measure -
integrated inspections of 1
times in 5 years with
preservation of efficiency
within a month;
6th measure -
electrochemical protection
of pipelines and means of
telemechanics
The sample of the level of acceptable risk for other systems!
Different measures are comparable by forecasted risks!
70. Example 3. Estimation of ecological safety of a region
Risk to lose ecological safety of
region within 5 years
1-st technology
(old) provides processing of tests
and delivery of results of the
analysis within 3 days. Errors
happen 1 time in half a year.
In case of deviations a long of
integrity restoration is a week
2-nd technology
(modern) with use of IT
provides operative
processing
within several minutes,
about one error at 2 years,
integrity restoration is
about one day
(Supervision stations: 1st
category, 2-nd category)1 2
1
2
22
2
1
1 1
0.56
0.92
0.37
0.93
0.10
0.49
0.09
0.48
The operational
effectiveness of
stations of 1st
category at
modern
technology of
monitoring is
high: risk no
more than 0.1 (!)
More frequent quality control of sea
waters is recommended - to level of
frequency of the control stations of 1st
category (the risk decreases with 0.5
to 0.3 and more
The increase of mean time between
mistakes is recommended (the risk
decreases with 0.5 till 0.28 and more)
Duration of the control from 0.5 to 2
days influences insignificantly!
More frequent threats twice
increases risk from 0.5 to 0.6
Mean time between mistakes
Time between control
Duration of the control
Frequency of threats
Points of supervision of 1st category are intended for qualityPoints of supervision of 1st category are intended for quality
control of sea waters in coastal areas. The control is 2 times acontrol of sea waters in coastal areas. The control is 2 times a
month on reduced and once a month under the full program.month on reduced and once a month under the full program.
Points of 2nd category are intended to control sea waters inPoints of 2nd category are intended to control sea waters in
areas of the high sea for researches of seasonal and annualareas of the high sea for researches of seasonal and annual
variability of impurity of sea waters. The control is 5variability of impurity of sea waters. The control is 5--6 times a6 times a
year under the full programyear under the full program
71. 1-ST COMPONENT – IDEAL BOILER-HOUSES, 2-ND -CENTRAL THERMAL POINT AND ELEVATED BOILER ROOMS;
COMPONENTS FROM 3-RD TO 8-TH ARE HEATING MAIN BEAMS,
9-TH COMPONENT CHARACTERIZES THE TIME BETWEEN DAMAGES OF ALL NETWORK OF THE HEAT SUPPLY
Example 4. Estimations of ideal
system of the centralized heat
supply during a cold season (214 days)
For ideal system mean timeFor ideal system mean time
between failures is about 3 years!between failures is about 3 years!
Probability of reliableProbability of reliable
heat supply isheat supply is 0.830.83
It is idealIt is ideal
(unachievable(unachievable
maximum)maximum)!! 0.83
25287h
72. On the moment of
failure the probability
of reliable heat supply
is 0.008
Estimations of existing system of the centralized heat supply
Mean time between
failure is 93 hours
(one failure in 3 days)
Probability of
reliable heat
supply is 0.014
0.01493h
WITHOUT RESERVATION OF BEAMS OF THE HEATING SYSTEM
62 h 0.008
Mean time
between
failures is
62 hours!
AS A RESULT
ALL THE SAME
ZERO !!!
WITH RESERVATION OF BEAMS OF THE HEATING SYSTEM
1-ST COMPONENT – IDEAL BOILER-HOUSES, 2-ND -CENTRAL THERMAL POINT AND ELEVATED BOILER ROOMS;
COMPONENTS FROM 3-RD TO 8-TH ARE HEATING MAIN BEAMS,
9-TH COMPONENT CHARACTERIZES THE TIME BETWEEN DAMAGES OF ALL NETWORK OF THE HEAT SUPPLY
73. Probability of reliable heat supply is 0.44
Probability of reliable heat
supply is 0.035
Comparative estimation of variants of improvement of heat supply system
0.035
variant 1
variant 2
CostCost
variant 3
0.44
0.44
0.98
The most preferrable variant!
BUILDING OF NEW HOUSES WITH
INDIVIDUAL HEATING ALLOWS TO
PROVIDE THE RELIABLE HEAT SUPPLY
WITH PROBABILITY 0.98
CostCost
CostCost
1-ST COMPONENT – IDEAL BOILER-HOUSES, 2-ND -CENTRAL THERMAL POINT AND
ELEVATED BOILER ROOMS; COMPONENTS FROM 3-RD TO 8-TH ARE HEATING MAIN
BEAMS, 9-TH COMPONENT CHARACTERIZES THE TIME BETWEEN DAMAGES OF ALL
NETWORK OF THE HEAT SUPPLY
74. Basic feature:Basic feature:
unlike a landunlike a land
problems of safetyproblems of safety
should be resolvedshould be resolved
by own strengthby own strength
directly in the sea asdirectly in the sea as
remoteness fromremoteness from
coast and, probably,coast and, probably,
ice conditions forice conditions for
northern areasnorthern areas
exclude the help fromexclude the help from
the outsidethe outside
Typical structure
Example 5. Analysis of vulnerability for oil and gas systemsExample 5. Analysis of vulnerability for oil and gas systems--11
75. 8 h. 1 day 1 week 1 month 1 year
0.000006 0.00002 0.0002
0.01
0.0008
Risk of erroneous analytical conclusions from
the gathered on-line information and as a
consequence non-undertaking or undertaking
inadequate countermeasures within only
a few business hours is very high!
Really
Optimistically
as a result of decreasing mistakes
Input for modeling is according to data
of a special public relations department of FBI
0.86
Estimation of the analysis process
Analysis of development of terrorist dangers in the external
conditions similar to emergency danger
0.9998
0.89
0.39
0.07
Risk increases
from 0.01 to 0.9998
owing to
insufficient
degrees of
recognition
the terrorist
threats
Risk of uncontrollable development of a situation
for conditions of emergency danger
Risk of uncontrollable development of a situation
for conditions of terrorist dangers
8 h. 1 day 1 week 1 month 1 year
0.39
0.18 0.18
0.86
0.97
0.02
76. Example 6. Model of threats, barriers against unauthorized access
System data
Characteristics of the Communication Subsystem
Characteristics of the means of gathering, storages and displays
It is required to predict
quantitatively the level
of information security
for month and year and
to reveal bottlenecks
Communication
Subsystem 2
Subordinated
enterprises -
Subsystem 3
Means of
gathering,
storages and
displays -
Subsystem 3
HHeadead hholdingolding --
ssubsystemubsystem 11
77. For safe system operation it is expedient, that all subsystems were strong equally. In an investigated example
implemented monitoring and control are ineffective. The technology of maintenance of information security in
case of emergency is necessary
Prediction of information security and revealing bottlenecks
Mean time of safe operation (h)
Probability of providing system security
within a month without monitoring and control within a month with monitoring and control
within a year with monitoring and controlwithin a year without monitoring and control
without monitoring and control
with monitoring and control
0.96 0.96
0.89
0.83
0.90
0.91
0.96
0.99917575
17533
5945
3544
867214
48126
7688 6579
0.67 0.67
0.40
0.29 0.43
0.47
0.85
0.99
Moreat49.3times
moreat1.86times
3rd subsystem is
the most bottleneck
in system! Narrow links
are means of
gathering, storages and
displays of data
m
ore
at 112.8
tim
es!
Within a year some
cases of
overcoming of
barriers are quite
possible
Within a month safe will be provided with probability 0.9 (i.e. it
is figurative if scenarios of threats repeat 100 months about 90
months from them information security will be provided)
monitoring
For many
years rare year
will do without
safety
infringement
are not effective!and control
Implemented
The general mean
time of safe
operation will be
more low, than only
for the most critical
link (3rd subsystem)
for system
For system
Subsystems
1
1 1
2
2 2
221 3 31 1
3
3 3
32For system For system
for system for system
For 1st subsystem
monitoring of 10th
barrier is effective!
1st and 2nd
subsystems
are
aproximately
safe equally
78. What about the modeling through Internet?
The offered
approach to
mathematical
modeling
standard processes
through Internet
Resume
1. Input (different
characteristics of time,
frequency and expenses for
standard processes) are
identical. Models are based on
the theory for random
processes. As consequence –
metrics are understandable,
these are probabilities of
successful development of
processes or risks of failure
2. Services through Internet
are more cheaper, than
calculations by existing way
1. All organizations receive access to quality and risks analysis on uniform
mathematical models according to requirements of system standards and taking
into account experience and admissible risks for systems in different spheres
2. Training is accessible to all connected to Internet
Service through
Detail
analytical
report
(50-70 pages)
in 3 minutes Differences
-focus on requirements to system standard
processes;
-universality of initial data, metrics and the
mathematical models, allowing an estimations and
forecasts for given time;
-support of decision-making process through Internet
79. Objective needs and preconditions for perfection of quality and risk management (1)
Methodology and supporting software tools (2)
Examples for different spheres of applications (3)
Modeling through Internet (4)
From a pragmatical filtration ofinformation to generation of the proved ideas and effective decisions
INNOVATIVE APPROACH TO ANALYZEINNOVATIVE APPROACH TO ANALYZE
QUALITY AND RISKSQUALITY AND RISKS
80. Scientific Publications and PresentationsScientific Publications and Presentations
19941994
19919966
19919999
The models and software tools have been presented at seminars,The models and software tools have been presented at seminars, symposiums,symposiums,
conferences and exhibitions since 1989 in Russia,conferences and exhibitions since 1989 in Russia, Australia,Australia, Canada, France,Canada, France,
Finland, Germany, Kuwait,Finland, Germany, Kuwait, the USAthe USA
-- 20052005
81.
82.
83.
84. Thanks for your
attention!
Prof.Prof. AndreyAndrey KostogryzovKostogryzov
Moscow, Russia, akostogr@gmail.comakostogr@gmail.com ,,
For more details and onFor more details and on--line system analysis withline system analysis with
presented mathematical model:presented mathematical model:
www.mathmodels.netwww.mathmodels.net
INNOVATIVE APPROACHINNOVATIVE APPROACH
TO ANALYZE QUALITY AND RISKSTO ANALYZE QUALITY AND RISKS