Abstract
Introduction
Literature Review
Objective and tasks
Based on the literature review, we recognize gaps in research on BA applications in the IT safety and security domain: a lack of empirical data, and a lack of a theoretical basis for understanding and researching the importance of BA for safety and security, for analyzing BA techniques and exercises from the point of view of safety and security frameworks, and for improving the coverage and accuracy of compliance criteria related to BA. The objective of this paper is to develop a practical approach to implementing business analysis techniques for safety and security assurance and assessment. To achieve this objective, we perform the following research steps:
Firstly, we analyze general issues of BA in the IT safety and security domain, including the key processes of BA planning and monitoring, elicitation and collaboration, requirements lifecycle management, strategy analysis, requirements analysis and design definition, and solution evaluation;
Secondly, we define the BA techniques applicable to the Assurance Case (AC) framework;
Finally, we present practical results of implementing BA activities for the AC framework.
Business Analysis Applicability for Safety and Security Assurance and Assessment
In this section, we analyze the main issues of BA and conclude how it applies to the IT safety and security domain. The core content of the BABOK Guide is composed of business analysis tasks organized into six knowledge areas: BA planning and monitoring, elicitation and collaboration, requirements lifecycle management, strategy analysis, requirements analysis and design definition, and solution evaluation. Following this, we structured all safety and security-related activities into six groups. These process groups are standardized as per the BABOK Guide but updated for safety and security implementation needs. Each process is described by an Input/Output diagram, which also shows the performed tasks connecting inputs and outputs. The reading sequence of entities on the diagrams is left to right and top to bottom.
Safety and Security Planning and Monitoring
The safety and security planning and monitoring process organizes and coordinates the efforts of analysts, engineers, and stakeholders. Its purpose is to ensure a complete understanding of the context under analysis in order to develop an efficient assurance and assessment approach. The core tasks of safety and security planning and monitoring are the following (see Fig. 1):
Fig. 1. Safety and Security Planning and Monitoring Input/Output Diagram
Plan safety and security approach describes the planning from creation or selection of a safety and security implementation methodology to planning the individual activities, tasks, and deliverables;
Plan stakeholder engagement describes understanding which stakeholders are relevant to the change, what analysts need from them, what they need from analysts, and what is the best way to collaborate;
Plan safety and security governance defines the components that are used to support the governance function of the involved organizations. It helps ensure that decisions are made properly and consistently, and follows a process that ensures decision-makers have the information they need;
Plan safety and security information management defines how information developed by participants is captured, stored, and integrated with other information for long-term use;
Identify safety and security performance improvements describes managing and monitoring to ensure that commitments are met and continuous learning and improvement opportunities are realized.
Elicitation and Collaboration
The elicitation and collaboration process describes the tasks performed to obtain information from stakeholders and confirm the results. It also describes the communication with stakeholders once any information is assembled. Elicitation is the drawing forth or receiving of information from stakeholders or other sources. It is the main path to discovering requirements and design information and might involve talking with stakeholders directly, researching topics, experimenting, or simply being handed information. Elicitation and collaboration comprise the following tasks (Fig. 2):
Fig. 2. Elicitation and Collaboration Input/Output Diagram
Prepare for elicitation involves ensuring that the stakeholders have the information they need to provide and that they understand the nature of the activities they are going to perform;
Conduct elicitation describes the work performed to understand stakeholder needs and identify potential solutions that may meet those needs;
Confirm elicitation results involves ensuring that stakeholders have a shared understanding of the outcomes of elicitation and that elicited information is recorded appropriately. This task also involves comparing the information received from different sources to look for inconsistencies or gaps;
Communicate safety and security information provides stakeholders with the information they need at the time they need it;
Manage stakeholder collaboration describes working with stakeholders to engage them in safety and security activities to ensure that valuable outcomes can be delivered.
Requirements Lifecycle Management
The requirements life cycle management process includes the following tasks (see Fig. 3):
Fig. 3. Requirements Lifecycle Management Input/Output Diagram
Trace requirements analyzes and maintains the relationships between requirements, design, solution components, and other work products for impact analysis, coverage, and allocation. The purpose of tracing is to ensure that requirements and design at different levels are aligned with one another, and to manage the effects of a change at one level on related requirements;
Maintain requirements ensures that requirements and design are accurate and current throughout the life cycle and facilitates reuse where appropriate;
Prioritize requirements assesses the value, urgency, and risks associated with particular requirements and designs to ensure that analysis and delivery are done on the most important ones at any given time;
Assess requirements changes evaluates new and changing requirements to determine whether they need to be acted on within the scope of a change;
Approve requirements works with stakeholders involved in the governance process to reach approval of and agreement on requirements and design.
BA deals with the following levels of requirements:
Business requirements are statements of goals, objectives, and outcomes that describe why a change has been initiated. They can apply to the whole of an enterprise, a business domain, or a specific plant and system;
User requirements describe the needs of the users that shall be met in order to achieve the business requirements. They may serve as a bridge between business and technical solution requirements;
Technical requirements describe the capabilities and qualities of a solution that meets the stakeholder requirements. They provide the appropriate level of detail to allow for the development and implementation of the solution. Technical requirements can be divided into functional and non-functional (quality of service) requirements.
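The tracing, impact analysis, and coverage tasks above can be made concrete with a small traceability model over the three requirement levels. The following Python is an added example written for this page; it is not code from the paper or from any BA tool. The requirement identifiers (BR-x, UR-x, TR-x), their texts, and the refinement links are constructed for illustration, and the rule that a refinement link must go exactly one level down (business to user to technical) is an assumption of the example rather than a BABOK requirement.

```python
from collections import defaultdict

# The three requirement levels named above, ordered top-down.
LEVELS = ("business", "user", "technical")


class TraceMatrix:
    """Requirements with one-level-down refinement links between them."""

    def __init__(self):
        self.reqs = {}                 # id -> (level, text)
        self.down = defaultdict(set)   # parent id -> ids that refine it
        self.up = defaultdict(set)     # child id -> ids it refines

    def add(self, rid, level, text):
        if level not in LEVELS:
            raise ValueError(f"unknown requirement level {level!r}")
        self.reqs[rid] = (level, text)

    def link(self, parent, child):
        """Record that `child` refines `parent`. Refinement must go exactly one
        level down (assumption of this example); anything else is a tracing error."""
        pl = LEVELS.index(self.reqs[parent][0])
        cl = LEVELS.index(self.reqs[child][0])
        if cl != pl + 1:
            raise ValueError(f"{child} ({LEVELS[cl]}) cannot refine {parent} ({LEVELS[pl]})")
        self.down[parent].add(child)
        self.up[child].add(parent)

    @staticmethod
    def _closure(start, edges):
        """All ids reachable from `start` over `edges` (start itself excluded)."""
        seen, stack = set(), [start]
        while stack:
            for nxt in edges.get(stack.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return seen

    def impact(self, rid):
        """Forward trace: every requirement to re-assess when `rid` changes."""
        return self._closure(rid, self.down)

    def rationale(self, rid):
        """Backward trace: the user and business requirements that `rid` serves."""
        return self._closure(rid, self.up)

    def coverage_gaps(self):
        """Two tracing defects: a business or user requirement nobody refines
        (no coverage) and a technical requirement that refines nothing (an orphan
        with no documented business rationale)."""
        unrefined = {r for r, (lvl, _) in self.reqs.items()
                     if lvl != "technical" and not self.down.get(r)}
        orphans = {r for r, (lvl, _) in self.reqs.items()
                   if lvl == "technical" and not self.up.get(r)}
        return {"unrefined": unrefined, "orphans": orphans}


def build_example():
    """Constructed sample requirements for a plant control system (illustrative only)."""
    m = TraceMatrix()
    m.add("BR-1", "business", "Loss of a safety function due to a cyberattack shall be prevented")
    m.add("BR-2", "business", "Safety functions shall tolerate a single random hardware failure")
    m.add("BR-3", "business", "An audit trail of safety-related changes shall be kept for the regulator")
    m.add("UR-1", "user", "Operators shall acknowledge every security alarm; acknowledgements are logged")
    m.add("UR-2", "user", "Engineering workstation access shall use individual accounts")
    m.add("UR-3", "user", "The safety PLC shall keep operating after one module fails")
    m.add("TR-1", "technical", "Alarm server writes each acknowledgement to an append-only log (functional)")
    m.add("TR-2", "technical", "Workstation logon requires a directory account plus MFA (functional)")
    m.add("TR-3", "technical", "Safety PLC is deployed in a redundant 1oo2D configuration (non-functional)")
    m.add("TR-4", "technical", "Safety PLC accepts only signed firmware images (functional)")
    for parent, child in [("BR-1", "UR-1"), ("BR-1", "UR-2"), ("BR-2", "UR-3"),
                          ("UR-1", "TR-1"), ("UR-2", "TR-2"), ("UR-3", "TR-3")]:
        m.link(parent, child)
    # BR-3 is deliberately left unrefined and TR-4 deliberately unlinked,
    # so that coverage_gaps() has something to report.
    return m


if __name__ == "__main__":
    m = build_example()
    print("impact of changing BR-1:", sorted(m.impact("BR-1")))
    print("rationale for TR-2:", sorted(m.rationale("TR-2")))
    print("coverage gaps:", m.coverage_gaps())
```

Running the example shows that a change to BR-1 touches UR-1, UR-2, TR-1, and TR-2, that TR-2 exists because of UR-2 and ultimately BR-1, and that BR-3 has no refinement while TR-4 has no documented rationale; those last two are exactly the cases the trace requirements task is meant to surface before approval.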
Strategy Analysis
Firstly, we address opportunities to establish a strategy for safety and security implementation in critical systems. Strategy defines the most effective way to apply the capabilities of a system to reach the desired set of safety and security goals and objectives. Strategies may exist for an entire plant site, for a system, for a programmable part of a system, and for a software application. Strategy analysis provides context to requirements analysis and design definition. Strategy analysis should be performed as needs for safety and security improvement are identified. Fig. 4 illustrates the spectrum of value as business analysis activities progress from strategy analysis through requirements and design development to the actual value of the implemented solution.
Fig. 4. Business Analysis value proposition for IT safety and security domain
Strategy defines the most effective way to apply the capabilities of an organization or a development team to reach the desired set of goals and objectives. Strategy analysis focuses on defining the future and transition states needed to address business needs as well as safety and security needs, based on strategic thinking. The strategy analysis process includes the following tasks (see Fig. 5):
Fig. 5. Strategy Analysis Input/Output Diagram
Analyze current state understands the business need and how it relates to the way the critical site with an ICS or IoT system performs today;
Define future state sets objectives that demonstrate that the business need is satisfied and defines which parts need to change in order to meet those objectives;
Assess risks understands the uncertainties around the change, considers the effect those uncertainties may have on the ability to deliver value through the change, and recommends actions to address risks where appropriate;
Define change strategy performs a gap analysis between current and future state, assesses options for achieving the future state, and recommends the best approach for reaching the future state.
Requirements Analysis and Design Definition
The requirements analysis and design definition process describes the tasks performed to structure and organize requirements discovered during elicitation activities, including the following tasks (Fig. 6):
Fig. 6. Requirements Analysis and Design Definition Input/Output Diagram
Specify and model requirements describes a set of requirements or design in detail using analytical techniques;
Verify requirements ensures that a set of requirements or design has been developed in enough detail to be usable by a particular stakeholder, is internally consistent, and is of high quality;
Validate requirements ensures that a set of requirements or design delivers business value and supports the organization's goals and objectives;
Define requirements architecture structures all requirements and design so that they support the overall business purpose for a change and that they work effectively as a cohesive whole;
Define design options identifies, explores, and describes different possible ways of meeting the needs;
Analyze value and potential solution assesses the business value associated with a potential solution and compares different options.
Solution Evaluation
The solution evaluation process describes the tasks performed to assess the performance of and value delivered by a solution in use by the enterprise and to recommend removal of barriers or constraints that prevent the full realization of that value. This process includes the following tasks (Fig. 7):
Fig. 7. Solution Evaluation Input/Output Diagram
Measure solution performance determines the most appropriate way to assess the performance of a solution, including how it aligns with enterprise goals and objectives, and performs the assessment;
Analyze performance metrics examines information regarding the performance of a solution in order to understand the value it delivers to the enterprise and to stakeholders and determines whether it is meeting current business needs;
Assess solution limitations investigates issues within the scope of a solution that may prevent it from meeting current business needs;
Assess safety and security limitations investigates issues outside the scope of a solution that may be preventing the enterprise from realizing the full value that a solution is capable of providing;
Recommend actions for safety and security identifies and defines actions the enterprise can take to increase the safety and security value that a solution can deliver.
Business Analysis Techniques Applicable for the Assurance Case Framework
Business analysts perform the following main activities during IT projects:
Pre-sales, which includes activities related to preliminary negotiation with a potential client, communicating generic information about the future project scope and price;
Discovery, which includes an initial project phase related to eliciting, analyzing, and documenting requirements through the execution of different kinds of BA exercises. BA discovery is the most important activity for IT projects. This stage is relatively independent of the business environment context and can be implemented for safety- and security-critical ICS and IoT systems. Researchers and engineers involved in IT safety and security projects can perform discovery activities depending on the system context and requirements level;
The main project activities, usually managed in accordance with agile methodologies, including backlog prioritization and grooming, communicating requirements to the project team, and organizing User Acceptance Tests to get feedback from stakeholders;
Internal company activities directed at business process management and improvement of the company's processes, which can be described, for example, as Business Process Modeling Notation (BPMN) diagrams.
Table 1. Business Analysis Techniques for the Assurance Case Framework
Business Analysis Techniques Application for Assurance Case
In this section, we demonstrate some artifacts and activities of the AC framework that are supported by BA techniques as per the BABOK Guide (see Table 1). Decomposition of the system requirements was performed with scope modeling as well as risk analysis and management. The hierarchy of requirements creates the structure of the AC in the form of a pyramid. In most regulatory requirements for control systems, the structure of requirements includes 3 or 4 levels (Fig. 8).
The zero level is a meta-goal according to which the control system must meet all safety requirements. At the first level, global safety goals are achieved, for example, according to functional safety requirements:
The safety and security management system shall achieve all safety objectives;
Safety and security life cycle should be implemented during system development;
A sufficient set of measures against random failure must be applied to the system;
A sufficient set of measures against systematic and software failures, including cyberattack defense, must be applied to the system.
Fig. 8. Hierarchy of Requirements with a Relation to Argumentation Steps
The structure of the links between the zero, first, and second levels is a tree that is transparent enough not to require detailed elaboration of the arguments, since these arguments are typical and well tested. However, structured arguments are required when moving from the second level to the lower levels. The requirements of the lower levels may be either composite (i.e. including several separate requirements) or separate. If all requirements are separate, this level becomes the third, and it is directly related to the subgroups of requirements. Fig. 8 combines the overall structure of the AC with the algorithm for constructing structured arguments. Such arguments should be developed for the second, third, and fourth (if any) levels. For the lowest level, besides the Reasoning Step (RS), the Evidential Step (ES) should also be applied. Since it is not appropriate to place detailed information about the content of the arguments on the graph structure, each node of the AC, starting with the second level, is annotated with an argument description in so-called structured text (ST). Note that the AC is not a strict tree, because the same evidence can support different arguments or subgoals.
Templates of structured text have been developed with the support of acceptance and evaluation criteria as well as concept modeling. A structured text has a template with a set of fields, denoted by service words that correspond to the AC components. Two templates are needed, one for the RS and one for the ES (Fig. 9, 10).
Reasoning Step
    Context: Connection with the Assurance Case graph in relation to the higher and lower levels
    Docs: Technical documents related to arguments and evidence
    Claim: Goal related to an argument
    Subclaims: Subgoals demonstrating achievement of the goal (Claim)
    Justification: Structure and content of the subgoals (Subclaims)
END Reasoning Step
Fig. 9. A Template of Structured Text for a Reasoning Step
Evidential Step
    Context: Connection with the Assurance Case graph in relation to the higher and lower levels
    Docs: Technical documents related to arguments and evidence
    Claim: Subclaims from the Reasoning Step become the Claim
    Evidence: Proofs which support achievement of the Claim
    Justification: Structure and content of the Evidence
END Evidential Step
Fig. 10. A Template of Structured Text for an Evidential Step
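To show how the level hierarchy of Fig. 8 and the two ST templates of Fig. 9 and Fig. 10 fit together, the following Python is an added example written for this page; it is not code from the paper or from any assurance-case tool. The claim identifiers (G0, G1.x, G2.x), the claim wording, the evidence names, and the document references are constructed for illustration. The model keeps parent links separately from steps so that one piece of evidence can support several subgoals, which is the non-tree property noted above, and it reports subclaims that have neither an RS nor an ES, which is the check an assessor wants before accepting the case.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ReasoningStep:
    """Fig. 9: a claim decomposed into subclaims with a justification."""
    claim: str
    subclaims: list
    justification: str
    docs: list = field(default_factory=list)


@dataclass
class EvidentialStep:
    """Fig. 10: a lowest-level claim supported directly by evidence."""
    claim: str
    evidence: list
    justification: str
    docs: list = field(default_factory=list)


class AssuranceCase:
    """Claims linked by RS/ES steps; parent links are kept separately so the
    same claim or evidence may be reached from several places (a DAG, not a tree)."""

    def __init__(self, meta_goal, wording):
        self.meta_goal = meta_goal
        self.wording = wording              # claim id -> claim text
        self.steps = {}                     # claim id -> ReasoningStep | EvidentialStep
        self.parents = defaultdict(set)     # claim id -> claims it supports

    def add(self, step):
        if step.claim in self.steps:
            raise ValueError(f"{step.claim} already has a step")
        self.steps[step.claim] = step
        if isinstance(step, ReasoningStep):
            for sub in step.subclaims:
                self.parents[sub].add(step.claim)

    def level(self, claim):
        """Depth of `claim` below the meta-goal (level 0 in Fig. 8)."""
        if claim == self.meta_goal:
            return 0
        ups = self.parents.get(claim)
        if not ups:
            raise ValueError(f"{claim} is not reachable from the meta-goal")
        return 1 + min(self.level(p) for p in ups)

    def unsupported(self):
        """Subclaims that have neither an RS nor an ES: holes in the argument."""
        return {c for c in self.parents if c not in self.steps}

    def shared_evidence(self):
        """Evidence cited by more than one ES, i.e. the edges that make the AC a DAG."""
        used = defaultdict(set)
        for s in self.steps.values():
            if isinstance(s, EvidentialStep):
                for e in s.evidence:
                    used[e].add(s.claim)
        return {e: claims for e, claims in used.items() if len(claims) > 1}

    def structured_text(self, claim):
        """Render one step in the ST layout of Fig. 9 / Fig. 10."""
        s = self.steps[claim]
        is_rs = isinstance(s, ReasoningStep)
        kind = "Reasoning Step" if is_rs else "Evidential Step"
        below = s.subclaims if is_rs else s.evidence
        above = ", ".join(sorted(self.parents.get(claim, ()))) or "none (meta-goal)"
        return "\n".join([
            kind,
            f"Context: level {self.level(claim)}; supports {above}; supported by {', '.join(below)}",
            f"Docs: {', '.join(s.docs) or '-'}",
            f"Claim: {claim}: {self.wording.get(claim, '')}",
            ("Subclaims: " if is_rs else "Evidence: ") + ", ".join(below),
            f"Justification: {s.justification}",
            f"END {kind}",
        ])


def build_example():
    """Constructed AC fragment following the four first-level goals listed above."""
    wording = {
        "G0": "The control system meets all safety and security requirements",
        "G1.1": "The safety and security management system achieves all safety objectives",
        "G1.2": "A safety and security life cycle is implemented during development",
        "G1.3": "Sufficient measures against random failure are applied",
        "G1.4": "Sufficient measures against systematic and software failures, incl. cyberattack defense, are applied",
        "G2.1": "Software development process measures are sufficient",
        "G2.2": "Cyberattack defense measures are sufficient",
    }
    ac = AssuranceCase("G0", wording)
    ac.add(ReasoningStep("G0", ["G1.1", "G1.2", "G1.3", "G1.4"],
                         "The four global goals jointly cover the meta-goal", docs=["SRS-01"]))
    ac.add(EvidentialStep("G1.1", ["E1 management system audit report"], "Audit shows no open major findings"))
    ac.add(EvidentialStep("G1.2", ["E2 life cycle plan", "E3 phase review minutes"], "Every phase gate was held"))
    # G1.3 is deliberately left without a step so that unsupported() reports it.
    ac.add(ReasoningStep("G1.4", ["G2.1", "G2.2"],
                         "Systematic failures are addressed by process measures, cyberattacks by defensive measures"))
    ac.add(EvidentialStep("G2.1", ["E4 static analysis report", "E5 code review records"],
                          "No unresolved defects of the highest severity", docs=["QA-plan"]))
    # E4 is reused: the same evidence supports two subgoals (a non-tree edge).
    ac.add(EvidentialStep("G2.2", ["E4 static analysis report", "E6 penetration test report"],
                          "No exploitable weakness remains after remediation", docs=["SEC-plan"]))
    return ac


if __name__ == "__main__":
    ac = build_example()
    print(ac.structured_text("G2.2"))
    print("unsupported claims:", ac.unsupported())
    print("shared evidence:", ac.shared_evidence())
```

Running the example prints the ES for G2.2 in the Fig. 10 layout with its Context line derived from the graph (level 2, supports G1.4), reports G1.3 as a claim with no argument behind it, and lists the static analysis report as evidence shared by G2.1 and G2.2.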
Moving forward, we can perform the remaining activities of the AC framework that are supported by BA techniques, including the development of an algorithm for structured argumentation, the specification of structured text for safety and security requirements, and the drawing of the AC requirements graph.
Conclusions
In this paper, we obtain the following results. General issues of the BABOK Guide have been analyzed. The core content of the BABOK is composed of business analysis tasks organized into six knowledge areas: BA planning and monitoring, elicitation and collaboration, requirements lifecycle management, strategy analysis, requirements analysis and design definition, and solution evaluation. The Business Analysis Core Concept Model (BACCM) defines a conceptual framework for the business analysis profession. The six core concepts in the BACCM are change, need, solution, stakeholder, value, and context.
Reasons for implementing business analysis in the IT safety and security domain include its support of a requirements management approach aligned with the safety and security life cycle, as well as opportunities to support practical safety and security frameworks. We prioritize business analysis techniques applicable to the Assurance Case framework and present the results of such application.
One more important BA technique utilization is the application in IT education. Reasons for BA learning include its support of the case method approach with project-based learning as well as the development of students’ hard and soft skills. BABOK provides evidence that BA learning and training support the development of such hard skillset as analytical thinking and problem-solving, business knowledge, and tools and technology knowledge.