Hagenberg Risk Management Process (Part 2): From Context-Sensitive Triage to Case Analysis With Bowtie and Bayesian Networks
- URL: http://arxiv.org/abs/2602.19270v1
- Date: Sun, 22 Feb 2026 16:53:14 GMT
- Authors: Eckehard Hermann, Harald Lampesberger
- Abstract summary: We propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Risk matrices (heatmaps) are widely used for information and cyber risk management and decision-making, yet they are often too coarse for today's resilience-driven organizational and system landscapes. Likelihood and impact (the two dimensions represented in a heatmap) can vary with operational conditions, third-party dependencies, and the effectiveness of technical and organizational controls. At the same time, organizations cannot afford to analyze and operationalize every identified risk with equal depth using more sophisticated methods, telemetry, and real-time decision logic. We therefore propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. The Hagenberg Risk Management Process presented in this paper integrates three steps: (i) context-aware prioritization using multidimensional polar heatmaps to compare risks across multiple operational states, (ii) Bowtie analysis for triaged risks to structure causes, consequences, and barriers, and (iii) an automated transformation of Bowties into directed acyclic graphs as the structural basis for Bayesian networks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph, making control points visible and preparing for later intervention and what-if analyses. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss; DORA serves as the reference framework for resilience requirements. The result is an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models.
Related papers
- Automating Supply Chain Disruption Monitoring via an Agentic AI Approach [49.77982322940809]
We introduce a minimally supervised agentic AI framework that autonomously monitors, analyses, and responds to disruptions across extended supply networks. The system achieves high accuracy across core tasks, with F1 scores between 0.962 and 0.991, and performs full end-to-end analyses in a mean of 3.83 minutes at a cost of $0.0836 per disruption.
arXiv Detail & Related papers (2026-01-14T18:28:31Z)
- The Role of Risk Modeling in Advanced AI Risk Management [33.357295564462284]
Rapidly advancing artificial intelligence (AI) systems introduce novel, uncertain, and potentially catastrophic risks. Managing these risks requires a mature risk-management infrastructure whose cornerstone is rigorous risk modeling. We argue that advanced-AI governance should adopt a similar dual approach and that verifiable, provably-safe AI architectures are urgently needed.
arXiv Detail & Related papers (2025-12-09T15:37:33Z)
- RIS-Assisted Downlink Pinching-Antenna Systems: GNN-Enabled Optimization Approaches [51.56300276709421]
This paper investigates a reconfigurable intelligent surface (RIS)-assisted multi-waveguide pinching-antenna (PA) system (PASS) for multi-user downlink information transmission. By leveraging a graph-structured topology of the RIS-assisted PASS, a novel three-stage graph neural network (GNN) is proposed, which learns PA positions based on user locations.
arXiv Detail & Related papers (2025-11-25T13:43:44Z)
- Building a Foundational Guardrail for General Agentic Systems via Synthetic Data [76.18834864749606]
While LLM agents can plan multi-step tasks, intervening at the planning stage, before any action is executed, is often the safest way to prevent harm. Existing guardrails mostly operate post-execution, which is difficult to scale and leaves little room for controllable supervision at the plan level. We introduce AuraGen, a controllable engine that synthesizes benign trajectories, injects category-labeled risks with difficulty, and filters outputs via an automated reward model.
arXiv Detail & Related papers (2025-10-10T18:42:32Z)
- Bayesian and Multi-Objective Decision Support for Real-Time Cyber-Physical Incident Mitigation [6.852472228194646]
This research proposes a real-time, adaptive decision-support framework for mitigating cyber incidents in cyber-physical systems. It is developed in response to an increasing reliance on these systems within critical infrastructure and evolving adversarial tactics.
arXiv Detail & Related papers (2025-08-31T09:47:38Z)
- CORTEX: Composite Overlay for Risk Tiering and Exposure in Operational AI Systems [0.812761334568906]
This paper introduces CORTEX, a multi-layered risk scoring framework to assess and score AI system vulnerabilities. It was developed on empirical analysis of over 1,200 incidents documented in the AI Incident Database (AIID). The resulting composite score can be operationalized across AI risk registers, model audits, conformity checks, and dynamic governance dashboards.
arXiv Detail & Related papers (2025-08-24T07:30:25Z)
- Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: A Case Study on In-Vehicle Infotainment Systems [0.0]
This paper reviews the application of Bayesian Networks (BNs) in cybersecurity risk modeling. A case study is presented in which a STRIDE-based attack tree for an automotive In-Vehicle Infotainment (IVI) system is transformed into a BN.
arXiv Detail & Related papers (2025-05-14T01:04:45Z)
- Adapting Probabilistic Risk Assessment for AI [0.0]
General-purpose artificial intelligence (AI) systems present an urgent risk management challenge. Current methods often rely on selective testing and undocumented assumptions about risk priorities. This paper introduces the probabilistic risk assessment (PRA) for AI framework.
arXiv Detail & Related papers (2025-04-25T17:59:14Z)
- Efficient Risk-sensitive Planning via Entropic Risk Measures [51.42922439693624]
We show that only Entropic Risk Measures (EntRM) can be efficiently optimized through dynamic programming. We prove that this optimality front can be computed effectively thanks to a novel structural analysis and smoothness properties of entropic risks.
arXiv Detail & Related papers (2025-02-27T09:56:51Z)
- It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation [50.06412862964449]
Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks.
Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete.
This paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime.
arXiv Detail & Related papers (2023-12-27T10:44:58Z)
- RIS Enhanced Massive Non-orthogonal Multiple Access Networks: Deployment and Passive Beamforming Design [116.88396201197533]
A novel framework is proposed for the deployment and passive beamforming design of a reconfigurable intelligent surface (RIS).
The problem of joint deployment, phase shift design, as well as power allocation is formulated for maximizing the energy efficiency.
A novel long short-term memory (LSTM) based echo state network (ESN) algorithm is proposed to predict users' tele-traffic demand by leveraging a real dataset.
A decaying double deep Q-network (D3QN) based position-acquisition and phase-control algorithm is proposed to solve the joint problem of deployment and design of the RIS.
arXiv Detail & Related papers (2020-01-28T14:37:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.