SlideShare une entreprise Scribd logo

Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough

Gordana Dodig-Crnkovic
Gordana Dodig-Crnkovic

Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough Presented at ICSA 2017 Gothenburg MARCH workshop

Technologie
1  sur  16
Télécharger pour lire hors ligne
MARCH2017 International Workshop on decision Making in Software ARCHitecture Collocated at ICSA 2017 Gothenburg, Sweden Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough Andreas Johnsen1, Gordana Dodig-Crnkovic12, Kristina Lundqvist1 Kaj Hänninen1, Paul Pettersson1, 1School of Innovation, Design and Engineering, Mälardalen University 2Chalmers University of Technology and University of Gothenburg 1
FUNCTIONAL SAFETY OF A SYSTEM Functional safety of a system is the part of its overall safety, understood as freedom from unacceptable/unreasonable risks, that depends on a system operating correctly in response to its inputs. Functional safety elements are examined at every stage of the the software development life cycle, including requirement specification, design, implementation, verification, validation and deployment. Acceptability of risks is judged within a framework of analysis with contextual and cultural aspects by individuals who may introduce subjectivity and misconceptions in the assessment. 2
FUNCTIONAL SAFETY STANDARDS If functional safety standards control functional safety by the absence of risk judged to be unacceptable, we argue it is critical to also require the absence of unreasonable judgments. We study common fallacies in risk perception, through a moral- psychological analysis of functional safety standards. We propose plausible improvements of the involved risk-related decision making processes, with analysis of the notion of an acceptable residual risk. 3
HARDWARE-SOFTWARE SYSTEMS Issues of safety are best addressed in a combined hardware-software system, where malfunction of software can lead to hardware causing damage. As a reference model, we use the functional safety standard ISO 26262, addressing potential hazards caused by malfunctions of hardware and software systems within road vehicles, and defines safety measures that are required to achieve an acceptable level of safety. 4
FALLACIES IN RISK PERCEPTION Fallacies of risk perception: The Majority Rule/Groupthink, Fallacies of Individual Judgment (e.g. the above-average effect), Biases due to Memory Mechanisms, “What You See Is All There Is”, Status Quo Bias, Biases by Subconscious Processes (e.g. priming), etc. Adequate risk assessment especially important in contemporary developed autonomous vehicles with increasing the role of computational applications. 5
ISO 26262 SAFETY - the absence of unreasonable risk ISO 26262 is an automotive-specific interpretation of the basic functional safety standard IEC 61508. ISO 26262 provides a safety lifecycle reference model that complies with standardized safety requirements in the development of E/E systems within road vehicles. The reference model both addresses potential hazards caused by malfunctions and specifies safety measures through which safety is achieved. The standard defines safety as the absence of unreasonable risk: “risk judged to be unacceptable in a certain context according to valid societal moral concepts.” 6
FUNCTIONAL SAFETY OF A SYSTEM We argue that functional safety standards should be complemented with the analysis of potential hazards caused by fallacies in risk perception, their countermeasures, and the requirement that residual risks must be explicated, motivated, and accompanied by a plan for their continuous reduction. This approach becomes especially important in contemporary developed autonomous vehicles with increasing computational applications. 7
RISK Risk is defined as: “the combination of the probability of occurrence of harm and the severity of that harm” Harm and its severity depend on the value system and ethics, which remain implicit in the standard. 8
HARM The notion of harm is related to emotions. Harm, physical as well as mental, instinctively causes unpleasant emotions. Together with the ability of reasoning, humans are able to develop models of right and wrong conduct – ethics. The “do no harm”-principle is fundamental to ethics, derived from the value of human dignity and the respect of the personal integrity. In applied ethics, the fundamental principle of beneficence refers to a moral obligation to “act for the others’ benefit, helping them to further their important and legitimate interests, often by preventing or removing possible harms.” 9
HARM FROM “RESIDUAL RISK” The question is whether the reasoning behind an “acceptable residual risk” includes untrue assumptions, inferences, or theorems. Such errors have the potential to result in causing harm, that is in unethical conduct, in spite of careful application of functional safety standards. We identify relevant systematic errors of thinking and analyze the impact these fallacies may have on functional safety. The study of fallacies is based on Kahneman’s book “Thinking, Fast and Slow”. 10
DECISIONS BASED ON VALUES V a l u e s serve as a g u i d e t o d e c i s i o n m a k i n g a n d a c t i o n . They are relevant to all aspects of engineering practice. Contrary to what many believe, cognitive scientists have found v a l u e s to be integral parts of STEM (Science, Technology, Engineering, and Mathematics). 11 TUANA. COMMUNICATIONS OF THE ACM | DECEMBER 2015 | VOL. 58 | NO. 12
TYPES OF VALUES Various types of values can be involved in decision making and reasoning: -  economic values, etc. -  functional & extra-functional values (dependability, reliability, robustness, safety, security, accuracy, integrity, availability, responsiveness, throughput, etc.) -  ethical values (the good of society, equity, sustainability) -  aesthetic values (simplicity, elegance, complexity), or -  epistemic values (predictive power, reliability, coherence, scope). 12
CONCLUSIONS Functional safety is assessed in different phases - from initiation and requirements specification to development, testing and verification and maintenance of a system. Decision-making includes subjective elements in which values and ethical judgments are part of the decision process. We propose that residual risk assessment related decision-making is grounded in value-based ethical aspects, which today are implicit, and should be made visible and a subject of scrutiny. Analysis points out the importance of a robust safety culture with developed countermeasures to the common fallacies in risk perception, which are not addressed by contemporary functional safety standards.
FUTURE WORK Study of the process of software architecting of cyber physical systems when functional safety is addressed, including stakeholders. Which values enter the decision making processes in different phases of research and development and in what way What would be the best way to assure transparency and document decision-making with respect to risk assessment and specifically residual risk The role of safety culture – from the standard to technology design and application. BUILDING IN LEARNING IN THE SYSTEM.
REFERENCES Avizˇienis, J.-C. Laprie, and B. Randell, Dependability and Its Threats: A Taxonomy. Boston, MA: Springer US, 2004, pp. 91–120. International Organization for Standardization, “ISO 26262-1:2011 Road vehicles - Functional safety,” Geneva, Switzerland. R. Hugman, E. Pittaway, and L. Bartolomei, “When ’Do No Harm’ Is Not Enough: The Ethics of Research with Refugees and Other Vulnerable Groups,” British Journal of Social Work, 2011. T. Beauchamp, “The Principle of Beneficence in Applied Ethics,” in Stanford Encyclopedia of Philosophy, 2008. D. Kahneman, Thinking, Fast and Slow. New York: Farrar, Straus and Giroux, 2011. J. M. Doris, The Moral Psychology Handbook. Oxford University Press, 2010. H. Kienle, D. Sundmark, K. Lundqvist, and A. Johnsen, “Liability for Software in Safety- Critical Mechatronic Systems: An Industrial Questionnaire,” in Proceedings of the 2nd International Workshop on Software Engineering for Embedded Systems, June 2012.
REFERENCES P. Kemp, En teknolgietik. Stockholm, Sweden: Brutus O¨ stlings Bokfo¨rlag Symposion, 1991. T. Krause, “The Ethics of Safety,” http://ehstoday.com/safety/best-practices/ ehs_imp_67392, October 2016. G. Dodig Crnkovic and B. Cürüklü, “Robots: ethical by design,” Ethics and Information Technology, vol. 14, no. 1, pp. 61–71, 2012. Sapienza, G., Dodig-Crnkovic, G. and Crnkovic, I. Inclusion of Ethical Aspects in Multi- Criteria Decision Analysis. Proc. WICSA and CompArch conference. Decision Making in Software ARCHitecture (MARCH), 2016 1st International Workshop. Venice April 5-8 2016. DOI: 10.1109/MARCH.2016.5, ISBN: 978-1-5090-2573-2. IEE Thekkilakattil, A. and Dodig-Crnkovic, G., Ethics Aspects of Embedded and Cyber- Physical Systems In IEEE Proceedings of COMPSAC 2015: The 39th Annual International Computers, Software & Applications Conference, Symposium on Embedded & Cyber-Physical Environments (ECPE). Taichung, Taiwan - July 1-5, pp. 39-44, 2015. DOI: 10.1109/COMPSAC.2015.41

Recommandé

Authority, Influence and the Role of the Safety Professional in Organisationa...
Authority, Influence and the Role of the Safety Professional in Organisationa...Authority, Influence and the Role of the Safety Professional in Organisationa...
Authority, Influence and the Role of the Safety Professional in Organisationa...Australian Institute of Health & Safety
 
I decide You decide: Authority, influence and the Role of the Safety Professi...
I decide You decide: Authority, influence and the Role of the Safety Professi...I decide You decide: Authority, influence and the Role of the Safety Professi...
I decide You decide: Authority, influence and the Role of the Safety Professi...Australian Institute of Health & Safety
 
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSIS
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSISINVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSIS
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSISijseajournal
 
Adversarial Safety Analysis
Adversarial Safety AnalysisAdversarial Safety Analysis
Adversarial Safety AnalysisRoger Johnston
 
Slide set 4 safety and risk
Slide set 4 safety and riskSlide set 4 safety and risk
Slide set 4 safety and riskAbdel Salam Sayyad
 
13.0 project risk management
13.0 project risk management13.0 project risk management
13.0 project risk managementGlen Alleman
 
TAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationTAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
 
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...Mohanumar S
 

Recommandé

Authority, Influence and the Role of the Safety Professional in Organisationa...
Authority, Influence and the Role of the Safety Professional in Organisationa...Authority, Influence and the Role of the Safety Professional in Organisationa...
Authority, Influence and the Role of the Safety Professional in Organisationa...Australian Institute of Health & Safety
 
I decide You decide: Authority, influence and the Role of the Safety Professi...
I decide You decide: Authority, influence and the Role of the Safety Professi...I decide You decide: Authority, influence and the Role of the Safety Professi...
I decide You decide: Authority, influence and the Role of the Safety Professi...Australian Institute of Health & Safety
 
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSIS
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSISINVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSIS
INVESTIGATING GAME DEVELOPERS’ GUILT EMOTIONS USING SENTIMENT ANALYSISijseajournal
 
Adversarial Safety Analysis
Adversarial Safety AnalysisAdversarial Safety Analysis
Adversarial Safety AnalysisRoger Johnston
 
Slide set 4 safety and risk
Slide set 4 safety and riskSlide set 4 safety and risk
Slide set 4 safety and riskAbdel Salam Sayyad
 
13.0 project risk management
13.0 project risk management13.0 project risk management
13.0 project risk managementGlen Alleman
 
TAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationTAROT2013 Testing School - Antonia Bertolino presentation
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
 
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...
Unit 5-GE 6075 – PROFESSIONAL ETHICS IN ENGINEERING ...Mohanumar S
 
www.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docxwww.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docxericbrooks84875
 
Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...Dejan Jeremic
 
Stepping Up to Operational Safety Excellence
Stepping Up to Operational Safety ExcellenceStepping Up to Operational Safety Excellence
Stepping Up to Operational Safety ExcellenceLarry McCraw
 
Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...Smart Cities Project
 
NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk Models NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk ModelsDavid Sweigert
 
Concentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach methoConcentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach methoLynellBull52
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
 
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)НАЕК «Енергоатом»
 
Auditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseAuditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseThilak Pathirage -Senior IT Gov and Risk Consultant
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectIOSR Journals
 
Dj24712716
Dj24712716Dj24712716
Dj24712716IJERA Editor
 
IS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project ManagementIS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project ManagementEashani Rodrigo
 
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...IJERA Editor
 
unit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineeringunit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineeringPoornachanranKV
 
Quality management
Quality managementQuality management
Quality managementsunthorn don
 
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceHuman Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceThe Windsdor Consulting Group, Inc.
 
Reliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docxReliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docxcarlt4
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Contenu connexe

Similaire à Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough

www.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docxwww.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docxericbrooks84875
 
Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...Dejan Jeremic
 
Stepping Up to Operational Safety Excellence
Stepping Up to Operational Safety ExcellenceStepping Up to Operational Safety Excellence
Stepping Up to Operational Safety ExcellenceLarry McCraw
 
Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...Smart Cities Project
 
NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk Models NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk ModelsDavid Sweigert
 
Concentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach methoConcentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach methoLynellBull52
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikMichael Woods, MD, MMM
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxbinasnasar1
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
 
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)НАЕК «Енергоатом»
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectIOSR Journals
 
IS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project ManagementIS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project ManagementEashani Rodrigo
 
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...IJERA Editor
 
unit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineeringunit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineeringPoornachanranKV
 
Quality management
Quality managementQuality management
Quality managementsunthorn don
 
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceHuman Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceThe Windsdor Consulting Group, Inc.
 
Reliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docxReliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docxcarlt4
 

Similaire à Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough (20)

www.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docxwww.occupationalhazards.com May 2005 Occupational Hazards 43.docx
www.occupationalhazards.com May 2005 Occupational Hazards 43.docx
 
Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...Zlatibor risk based balancing of organizational and technical controls for ...
Zlatibor risk based balancing of organizational and technical controls for ...
 
Stepping Up to Operational Safety Excellence
Stepping Up to Operational Safety ExcellenceStepping Up to Operational Safety Excellence
Stepping Up to Operational Safety Excellence
 
Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...Smart Cities- A systems perspective on security risk identification: Methodo...
Smart Cities- A systems perspective on security risk identification: Methodo...
 
NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk Models NIST Privacy Engineering Working Group -- Risk Models
NIST Privacy Engineering Working Group -- Risk Models
 
Concentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach methoConcentric rings of security can be one of the best approach metho
Concentric rings of security can be one of the best approach metho
 
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-PestotnikPSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
PSQH July-Aug 2015 Simplified ST Model - Woods-Pestotnik
 
ideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptxideas-safety-bbs-presentation.pptx
ideas-safety-bbs-presentation.pptx
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
Людський чинник в культурі безпеки (Радован Мраз, ВАО-АЕС на АЕС «Богуніце»)
 
Auditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseAuditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterprise
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and Prospect
 
Dj24712716
Dj24712716Dj24712716
Dj24712716
 
IS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project ManagementIS Project Risk Management: Risk Factors in IS Project Management
IS Project Risk Management: Risk Factors in IS Project Management
 
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
Understanding Construction Workers’ Risk Decisions Using Cognitive Continuum ...
 
unit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineeringunit4.pptx professional ethics in engineering
unit4.pptx professional ethics in engineering
 
Quality management
Quality managementQuality management
Quality management
 
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceHuman Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
 
Reliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docxReliable Behavioural Factors in the Information SecurityCont.docx
Reliable Behavioural Factors in the Information SecurityCont.docx
 

Dernier

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Dernier (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough

  • 1. MARCH2017 International Workshop on decision Making in Software ARCHitecture Collocated at ICSA 2017 Gothenburg, Sweden Risk-based Decision-making Fallacies: Why Present Functional Safety Standards Are Not Enough Andreas Johnsen1, Gordana Dodig-Crnkovic12, Kristina Lundqvist1 Kaj Hänninen1, Paul Pettersson1, 1School of Innovation, Design and Engineering, Mälardalen University 2Chalmers University of Technology and University of Gothenburg 1
  • 2. FUNCTIONAL SAFETY OF A SYSTEM Functional safety of a system is the part of its overall safety, understood as freedom from unacceptable/unreasonable risks, that depends on a system operating correctly in response to its inputs. Functional safety elements are examined at every stage of the the software development life cycle, including requirement specification, design, implementation, verification, validation and deployment. Acceptability of risks is judged within a framework of analysis with contextual and cultural aspects by individuals who may introduce subjectivity and misconceptions in the assessment. 2
  • 3. FUNCTIONAL SAFETY STANDARDS If functional safety standards control functional safety by the absence of risk judged to be unacceptable, we argue it is critical to also require the absence of unreasonable judgments. We study common fallacies in risk perception, through a moral- psychological analysis of functional safety standards. We propose plausible improvements of the involved risk-related decision making processes, with analysis of the notion of an acceptable residual risk. 3
  • 4. HARDWARE-SOFTWARE SYSTEMS Issues of safety are best addressed in a combined hardware-software system, where malfunction of software can lead to hardware causing damage. As a reference model, we use the functional safety standard ISO 26262, addressing potential hazards caused by malfunctions of hardware and software systems within road vehicles, and defines safety measures that are required to achieve an acceptable level of safety. 4
  • 5. FALLACIES IN RISK PERCEPTION Fallacies of risk perception: The Majority Rule/Groupthink, Fallacies of Individual Judgment (e.g. the above-average effect), Biases due to Memory Mechanisms, “What You See Is All There Is”, Status Quo Bias, Biases by Subconscious Processes (e.g. priming), etc. Adequate risk assessment especially important in contemporary developed autonomous vehicles with increasing the role of computational applications. 5
  • 6. ISO 26262 SAFETY - the absence of unreasonable risk ISO 26262 is an automotive-specific interpretation of the basic functional safety standard IEC 61508. ISO 26262 provides a safety lifecycle reference model that complies with standardized safety requirements in the development of E/E systems within road vehicles. The reference model both addresses potential hazards caused by malfunctions and specifies safety measures through which safety is achieved. The standard defines safety as the absence of unreasonable risk: “risk judged to be unacceptable in a certain context according to valid societal moral concepts.” 6
  • 7. FUNCTIONAL SAFETY OF A SYSTEM We argue that functional safety standards should be complemented with the analysis of potential hazards caused by fallacies in risk perception, their countermeasures, and the requirement that residual risks must be explicated, motivated, and accompanied by a plan for their continuous reduction. This approach becomes especially important in contemporary developed autonomous vehicles with increasing computational applications. 7
  • 8. RISK Risk is defined as: “the combination of the probability of occurrence of harm and the severity of that harm” Harm and its severity depend on the value system and ethics, which remain implicit in the standard. 8
  • 9. HARM The notion of harm is related to emotions. Harm, physical as well as mental, instinctively causes unpleasant emotions. Together with the ability of reasoning, humans are able to develop models of right and wrong conduct – ethics. The “do no harm”-principle is fundamental to ethics, derived from the value of human dignity and the respect of the personal integrity. In applied ethics, the fundamental principle of beneficence refers to a moral obligation to “act for the others’ benefit, helping them to further their important and legitimate interests, often by preventing or removing possible harms.” 9
  • 10. HARM FROM “RESIDUAL RISK” The question is whether the reasoning behind an “acceptable residual risk” includes untrue assumptions, inferences, or theorems. Such errors have the potential to result in causing harm, that is in unethical conduct, in spite of careful application of functional safety standards. We identify relevant systematic errors of thinking and analyze the impact these fallacies may have on functional safety. The study of fallacies is based on Kahneman’s book “Thinking, Fast and Slow”. 10
  • 11. DECISIONS BASED ON VALUES V a l u e s serve as a g u i d e t o d e c i s i o n m a k i n g a n d a c t i o n . They are relevant to all aspects of engineering practice. Contrary to what many believe, cognitive scientists have found v a l u e s to be integral parts of STEM (Science, Technology, Engineering, and Mathematics). 11 TUANA. COMMUNICATIONS OF THE ACM | DECEMBER 2015 | VOL. 58 | NO. 12
  • 12. TYPES OF VALUES Various types of values can be involved in decision making and reasoning: -  economic values, etc. -  functional & extra-functional values (dependability, reliability, robustness, safety, security, accuracy, integrity, availability, responsiveness, throughput, etc.) -  ethical values (the good of society, equity, sustainability) -  aesthetic values (simplicity, elegance, complexity), or -  epistemic values (predictive power, reliability, coherence, scope). 12
  • 13. CONCLUSIONS Functional safety is assessed in different phases - from initiation and requirements specification to development, testing and verification and maintenance of a system. Decision-making includes subjective elements in which values and ethical judgments are part of the decision process. We propose that residual risk assessment related decision-making is grounded in value-based ethical aspects, which today are implicit, and should be made visible and a subject of scrutiny. Analysis points out the importance of a robust safety culture with developed countermeasures to the common fallacies in risk perception, which are not addressed by contemporary functional safety standards.
  • 14. FUTURE WORK Study of the process of software architecting of cyber physical systems when functional safety is addressed, including stakeholders. Which values enter the decision making processes in different phases of research and development and in what way What would be the best way to assure transparency and document decision-making with respect to risk assessment and specifically residual risk The role of safety culture – from the standard to technology design and application. BUILDING IN LEARNING IN THE SYSTEM.
  • 15. REFERENCES Avizˇienis, J.-C. Laprie, and B. Randell, Dependability and Its Threats: A Taxonomy. Boston, MA: Springer US, 2004, pp. 91–120. International Organization for Standardization, “ISO 26262-1:2011 Road vehicles - Functional safety,” Geneva, Switzerland. R. Hugman, E. Pittaway, and L. Bartolomei, “When ’Do No Harm’ Is Not Enough: The Ethics of Research with Refugees and Other Vulnerable Groups,” British Journal of Social Work, 2011. T. Beauchamp, “The Principle of Beneficence in Applied Ethics,” in Stanford Encyclopedia of Philosophy, 2008. D. Kahneman, Thinking, Fast and Slow. New York: Farrar, Straus and Giroux, 2011. J. M. Doris, The Moral Psychology Handbook. Oxford University Press, 2010. H. Kienle, D. Sundmark, K. Lundqvist, and A. Johnsen, “Liability for Software in Safety- Critical Mechatronic Systems: An Industrial Questionnaire,” in Proceedings of the 2nd International Workshop on Software Engineering for Embedded Systems, June 2012.
  • 16. REFERENCES P. Kemp, En teknolgietik. Stockholm, Sweden: Brutus O¨ stlings Bokfo¨rlag Symposion, 1991. T. Krause, “The Ethics of Safety,” http://ehstoday.com/safety/best-practices/ ehs_imp_67392, October 2016. G. Dodig Crnkovic and B. Cürüklü, “Robots: ethical by design,” Ethics and Information Technology, vol. 14, no. 1, pp. 61–71, 2012. Sapienza, G., Dodig-Crnkovic, G. and Crnkovic, I. Inclusion of Ethical Aspects in Multi- Criteria Decision Analysis. Proc. WICSA and CompArch conference. Decision Making in Software ARCHitecture (MARCH), 2016 1st International Workshop. Venice April 5-8 2016. DOI: 10.1109/MARCH.2016.5, ISBN: 978-1-5090-2573-2. IEE Thekkilakattil, A. and Dodig-Crnkovic, G., Ethics Aspects of Embedded and Cyber- Physical Systems In IEEE Proceedings of COMPSAC 2015: The 39th Annual International Computers, Software & Applications Conference, Symposium on Embedded & Cyber-Physical Environments (ECPE). Taichung, Taiwan - July 1-5, pp. 39-44, 2015. DOI: 10.1109/COMPSAC.2015.41