Humans are by Nature Political Animals: New Evidence and Arguments
Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an...
Transcript of Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an...
![Page 1: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/1.jpg)
Evidence-based arguments as
a tool supporting risk
management of critical
infrastructures
2nd ERNCIP Conference, 15-17 April 2015, Brussels
Janusz Górski
Department of Software Engineering
Gdańsk University of Technology, Poland
ARGEVIDE sp. z o.o., Gdańsk, Poland
![Page 2: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/2.jpg)
2
Topics
Evidence based arguments
What is TRUST-IT and NOR-STA?
Argument model and argument assessment
How NOR-STA supports conformance/compliance and assurance
Experiences with using NOR-STA
Conformance Case Study: EU Regulation 994/2010
NOR-STA demo
![Page 3: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/3.jpg)
3
Evidence-based Arguments
Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for accepting a particular conclusion
This ’something’ can be:
assurance of some important property (safety, security, privacy, reliability, …)
conformance with a stated set of criteria (standard, norm, directive, recommendation and so on)
ranking in fulfillment of the agreed requirements
…
Evidence in its broadest sense includes everything that is used to determine or demonstrate the truth of an assertion.
Evidence can be used to support arguments – by demonstrating the truth of the premises
Assumption:
Evidence is delivered in electronic documents of any form: text, graphics, image, video, audio etc.
![Page 4: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/4.jpg)
Evidence based arguments
Assurance
cases Conformance
cases
Safety
Security
Privacy
Rating
cases
Comparative cases
Hospital
accreditation
CAF
SBB HACCP
ISO
H&S+E+Q
![Page 5: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/5.jpg)
Evidence based arguments
Assurance
cases Conformance
cases
Safety
Security
Privacy
Rating
cases
Comparative cases
Hospital
accreditation
CAF
SBB HACCP
ISO
H&S+E+Q
![Page 6: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/6.jpg)
6 Deployment in the cloud
Generic Argument
Management
Services
Application specific packages
![Page 7: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/7.jpg)
7 Deployment in the cloud
Generic Argument
Management
Services
Application specific packages
![Page 8: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/8.jpg)
8
NOR-STA argument model
![Page 9: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/9.jpg)
9
Case study – a meeting
![Page 10: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/10.jpg)
10
Claim: Successful meeting
Fact: True experts participate
Fact: True experts participate
Evidence
• Strategy of argumentation: Argumentation by referring to
competencies of participants
Rationale:
Case studies reveal that success of a
meeting depends on the expertise of
its participants
– We will have a successful meeting
because true experts participate
• Evidence:
Demonstrates a fact that we have true
experts at the conference
Strategy of argumentation
and its
Rationale
An argument about the meeting
![Page 11: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/11.jpg)
11
premises
inference
conclusion
NOR-STA argument model
Claim
Argumentation
strategy Rationale
Fact
Assumption
Reference Information
Claim
![Page 12: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/12.jpg)
12
Example:
Successful meeting
![Page 13: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/13.jpg)
13
Example:
Successful meeting
![Page 14: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/14.jpg)
14
Example:
Successful meeting
![Page 15: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/15.jpg)
15
Argument Assessment
![Page 16: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/16.jpg)
16
Successful meeting
Assessment
Successful meeting
True experts participate
True experts
Evidence
• Logic doubt:
Does participation of true
experts really determine the
success of a meeting?
– We will have a successful meeting
because true experts participate
• Epistemic doubt:
Do we really have experts at this
meeting?
Assessment of the
inference
Assessment of
the
evidence
![Page 17: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/17.jpg)
17
Communication the assessment relults
![Page 18: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/18.jpg)
18
Assessment methods in NOR-STA
Presently NOR-STA supports 7 different assessment methods
You can select an assessment method appropriate to your needs
It is possible to include additional, customer-specified assessment
methods
![Page 19: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/19.jpg)
19
Assessment methods in NOR-STA
Presently NOR-STA supports 7 different assessment methods
You can select an assessment method appropriate to your needs
It is possible to include additional, customer-specified assessment
methods
![Page 20: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/20.jpg)
20
HOW NOR-STA SUPPORTS
CONFORMANCE/COMPLIANCE?
Prescriptive approach- standards/regulations impose explicit requirements to be met
Conformance Case = evidence-based argument demonstrating conformance to the
requirements
Conformance Argument Template = a pattern of argumentation derived form the standard
NOR-STA has been already applied to develop conformance cases for the following
standards:
Commercial applications
Hospital accreditation
HACCP (Hazard Analysis and Critical Control Point system)
CAF (Common Assessment Framework)
SSB (Outsourcing risk management)
R&D applications
ISO 27001 (Information Security Management)
ISO/IEC 15408 (Common Criteria)
EU Regulation 994/2010 (Measures to safeguard security of gas supply)
![Page 21: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/21.jpg)
21
HOW NOR-STA SUPPORTS
CONFORMANCE/COMPLIANCE?
Prescriptive approach- standards/regulations impose explicit requirements to be met
Conformance Case = evidence-based argument demonstrating conformance to the
requirements
Conformance Argument Template = a pattern of argumentation derived form the standard
NOR-STA has been already applied to develop conformance cases for the following
standards:
Commercial applications
Hospital accreditation
HACCP (Hazard Analysis and Critical Control Point system)
CAF (Common Assessment Framework)
SSB (Outsourcing risk management)
R&D applications
ISO 27001 (Information Security Management)
ISO/IEC 15408 (Common Criteria)
EU Regulation 994/2010 (Measures to safeguard security of gas supply)
![Page 22: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/22.jpg)
22
HOW NOR-STA SUPPORTS
ASSURANCE?
Goal-setting approach – performance oriented objectives to be demonstrated
Assurance Case = evidence-based argument demonstrating achieving of the assumed
goals
User-chosen strategy of argumentation
e.g. risk-based decomposition, architecture-based decomposition
Explicit justification of confidence
NOR-STA has been already applied to develop assurance cases in relation to the
following documents:
Commercial applications:
ISO 17065 (Conformity assessment -- Requirements for bodies certifying products, processes and services) –
technology qualification
ISO 26262 (Road vehicles – Functional safety)
IEC 61511 (Functional safety - Safety instrumented systems for the process industry )
IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems )
R&D applications:
HIPAA (Health Insurance Portability and Accountability Act )
Safety of medical devices (FDA Open PCA Pump)
![Page 23: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/23.jpg)
23
Case study: EU Regulation 994/2010
![Page 24: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/24.jpg)
24
The starting claim
We start the argument with a claim about being
conformant to the Regulation
Conformance to Regulation (EU) No 994/2010 - measures to safeguard security of gas supply
![Page 25: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/25.jpg)
25
Adding argumentation strategy
Claim should be supported by a justified argumentation strategy.
Conformance to Regulation (EU) No 994/2010 - measures to safeguard security of gas supply
Argument by referring to mandatory actions required by the regulation
Regulation requirements explicitly enumerate mandatory actions
Argumentation strategy
explains the inference rule
Rationale
justifies why the rule is
appropriate and valid
![Page 26: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/26.jpg)
26
Adding premises
Initial actions
Risk Assessment
Preventive Action Plan
Emergency Plan
Claims
to be supported by more detailed argumentation
Conformance to Regulation (EU) No 994/2010 - measures to safeguard security of gas supply
Argument by refering to mandatory actions required by the regulation
![Page 27: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/27.jpg)
27
Adding premises
Initial actions
Designation of a Competent Authority
Definition of roles and responsibilities
Information about intergovernmental agreements
Facts
to be supported by evidence
Argument by article requirements
( Article 2,3 and 13(6))
Definition of "Protected customers"
![Page 28: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/28.jpg)
28
Adding references
to evidence
Reference points to an external resource
(evidence container)
Designation of a Competent Authority
Competent Authority designation act
A warning sign is used to denote incomplete elements, e.g. references without any evidence
![Page 29: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/29.jpg)
29
Adding references
to evidence
Reference points to an external resource
(evidence container)
Designation of a Competent Authority
Competent Authority designation act
Competent Authority
Designation Act
![Page 30: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/30.jpg)
30
Complete argument
for 994/2010
![Page 31: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/31.jpg)
31
Assessment of the argument
for 994/2010
![Page 32: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/32.jpg)
32
NOR-STA DEMO
![Page 33: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/33.jpg)
33
How NOR-STA supports CIP?
Regulator’s viewpoint
imposing a common structure of compliance demonstration
continuous monitoring of compliance achievement by different users
Operator’s viewpoint
demonstrating conformance with standards and regulations
support for internal and external audit
support for assuring specific CIP objectives
support for vertical communication (management information and
decisions)
support for responsibilities assignment
![Page 34: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/34.jpg)
34
Where can I find more
information?
![Page 35: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/35.jpg)
35
www.argevide.com
![Page 36: Evidence-based arguments as a tool supporting risk ... · 3 Evidence-based Arguments Argument is an attempt to persuade someone of something, by giving reasons and/or evidence for](https://reader030.fdocuments.us/reader030/viewer/2022040820/5e689ecb4ce7f071d2487076/html5/thumbnails/36.jpg)
36
Questions&Answers