An Approach to Modelling Information System Availability by Using Bayesian Belief Network
Keywords:
Information Systems, Business Continuity, Availability, Bayesian Belief Network, Monte-Carlo Simulation
Abstract
In today’s era of ubiquitous information technology (IT), information systems are expected to provide services to end users on a continuous basis, regardless of time and location. This is especially true in organizations where information systems (IS) support real-time critical operations, particularly in industries in which these systems must operate continuously, 24x7x365. This paper presents a modified Bayesian Belief Network model for predicting IS availability. Based on a thorough review of all IS availability dimensions, we proposed a modified set of determinants. The model is parametrized using a probability elicitation process with the participation of experts from the BiH financial sector. The results showed that the most influential determinants of IS availability are a timely and precise definition of the availability requirements, quality of IT operations, management and network.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.