Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Hagenberg Risk Management Process (Part 2): From Context-Sensitive Triage to Case Analysis With Bowtie and Bayesian Networks

Eckehard Hermann, Harald Lampesberger

TL;DR

A traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks is proposed and an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models is proposed.

Abstract

Risk matrices (heatmaps) are widely used for information and cyber risk management and decision-making, yet they are often too coarse for today's resilience-driven organizational and system landscapes. Likelihood and impact (the two dimensions represented in a heatmap) can vary with operational conditions, third-party dependencies, and the effectiveness of technical and organizational controls. At the same time, organizations cannot afford to analyze and operationalize every identified risk with equal depth using more sophisticated methods, telemetry, and real-time decision logic. We therefore propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. The Hagenberg Risk Management Process presented in this paper integrates three steps: (i) context-aware prioritization using multidimensional polar heatmaps to compare risks across multiple operational states, (ii) Bowtie analysis for triaged risks to structure causes, consequences, and barriers, and (iii) an automated transformation of Bowties into directed acyclic graphs as the structural basis for Bayesian networks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph, making control points visible and preparing for later intervention and what-if analyses. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss; DORA serves as the reference framework for resilience requirements. The result is an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models.

Hagenberg Risk Management Process (Part 2): From Context-Sensitive Triage to Case Analysis With Bowtie and Bayesian Networks

TL;DR

A traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks is proposed and an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models is proposed.

Abstract

Risk matrices (heatmaps) are widely used for information and cyber risk management and decision-making, yet they are often too coarse for today's resilience-driven organizational and system landscapes. Likelihood and impact (the two dimensions represented in a heatmap) can vary with operational conditions, third-party dependencies, and the effectiveness of technical and organizational controls. At the same time, organizations cannot afford to analyze and operationalize every identified risk with equal depth using more sophisticated methods, telemetry, and real-time decision logic. We therefore propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. The Hagenberg Risk Management Process presented in this paper integrates three steps: (i) context-aware prioritization using multidimensional polar heatmaps to compare risks across multiple operational states, (ii) Bowtie analysis for triaged risks to structure causes, consequences, and barriers, and (iii) an automated transformation of Bowties into directed acyclic graphs as the structural basis for Bayesian networks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph, making control points visible and preparing for later intervention and what-if analyses. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss; DORA serves as the reference framework for resilience requirements. The result is an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models.
Paper Structure (46 sections, 7 equations, 5 figures, 2 tables)

This paper contains 46 sections, 7 equations, 5 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Why triage is necessary
  3. Contributions
  4. Motivating Use Case: Instant Payments Gateway
  5. Related Work
  6. Heatmaps, risk matrices, and their limitations
  7. Bowtie and barrier modeling
  8. From Bowtie to Bayesian networks for operational updates
  9. Causality and intervention
  10. Multidimensional polar heatmaps
  11. Definition and classification of context factors
  12. Formal model: ND heatmap and ND slices
  13. Polar heatmap as visualization
  14. Context-based adjustments
  15. Design of axes, levels, and thresholds
  16. ...and 31 more sections

Figures (5)

  • Figure 1: Risk editor of the Risk Analyser: assignment of several context factors that influence likelihood (X axis) and transactions (Y axis).
  • Figure 2: ND slice of a heatmap: Fixed dimensions show the selected level of the Operational Load Context axis.
  • Figure 3: Polar heatmap with legend/interpretation.
  • Figure 4: Bowtie with context factors mapped onto barriers (fault tree left, event tree right).
  • Figure 5: DAG derived from Bowtie with marked barriers as activation nodes.