Analýza a řízení rizik podnikatelského subjektu provozujícího svoji hospodářskou činnost v zemědělském odvětví / Risk analysis and risk management of the business operating its economic activities in the agricultural sector

Vrátil, Tomáš

January 2010

The aim of this thesis is to describe the methods, tools and procedures for analysis and risk management businesses. Another objective is to identify specific features of the agricultural sector and to identify the risks that are unique to this sector. The identification and risk assessment of the significance of the selected business entity is part of the thesis. The main contribution of this thesis is processing of risk management. This section consists of the recommendations and proposals in the field of preventing and reducing the impact of risks on the business entity and suggestions for possible improvements of the current situation in order to increase the stability, resilience and flexibility of the entity.

Avaliação de segurança em sistemas de controle de tráfego aéreo baseados em vigilância dependente automática por radiodifusão considerando parâmetros de integridade de dados. / Safety assessment in air traffic control systems based on automatic dependent surveillance broadcast by considering data integrity parameters.

Daniel Baraldi Sesso

17 October 2016

A demanda pelo aumento do volume de tráfego aéreo tem pressionado as autoridades da aviação a adensar o espaço aéreo global, por meio de redução na separação entre aeronaves, permitindo operações mais eficientes no Gerenciamento de Tráfego Aéreo (ATM). No entanto, questões relacionadas com a segurança das operações de tráfego aéreo surgem quando se considera a possibilidade de reduzir a separação de aeronaves. Objetivamente, para maior eficiência e redução da separação, sem que isso afete significativamente a segurança, a posição vigiada das aeronaves deve aparecer de forma não só mais exata e precisa para o controlador de tráfego aéreo (ATCo), como deve ser mais fiável, o que envolve a integridades dessa informação. Essa pesquisa propõe avaliar os impactos que esses parâmetros têm nos níveis de segurança crítica (safety) no sistema de controle de tráfego aéreo (ATC) inserido no novo conceito de ATM Global (CNS/ATM). Para isso, foi realizada uma análise dos dados de erro de posicionamento do Sistema de Navegação Global por Satélites (GNSS) visando estabelecer seu comportamento. Esse comportamento é utilizado para modelar um sistema de controle de tráfego completo para fins de simulação e, adotando-se a metodologia de análise de segurança desenvolvida por Vismari (2007), avaliar os efeitos que esses novos parâmetros exercem sobre os níveis de segurança encontrados na pesquisa desenvolvida por Vismari (2007) para ambientes de tráfego aéreo baseados na Vigilância Dependente Automática por Radiodifusão (ADS-B). São comparados diversos cenários em que houve a degradação do comportamento do sistema GNSS. Para cada cenário estudado verificou-se que a degradação do comportamento não foi suficiente para gerar eventos de risco relacionados à integridade dos dados posicionais das aeronaves. Assim, dentro das condições simuladas, o sistema manteve os níveis de segurança crítica no que se refere à integridade do posicionamento das aeronaves apresentadas na tela do controlador de tráfego aéreo em operações de resolução de conflito. O modelo computacional desenvolvido possui diversas características que, apesar de não serem totalmente utilizadas na presente pesquisa, constituem um legado para pesquisas futuras e para a integração com a Plataforma Integrada para Ensaios de Sistemas Embarcados Críticos (PIpE-SEC) desenvolvida dentro do Grupo de Análise de Segurança (GAS) da EPUSP. / The demand for increasing air traffic volume has pressed aviation authorities to densify the global airspace through separation reduction between aircraft, allowing operations that are more efficient in the Air Traffic Management (ATM). However, issues related to the safety of air traffic operations arise when considering the possibility of reducing the separation of aircraft. Objectively, for greater efficiency and separation reduction, without significantly affecting safety, surveillance positions of the aircraft must appear not only more accurate and precise to the air traffic controller (ATCo), it should be more trustworthy, which concerns the integrity of that information. This research proposes to assess the impacts of these parameters on the safety levels of air traffic control system (ATC) inserted in the new concept of Global ATM (CNS/ATM). To achieve it, an analysis of the data related to error in positioning of the Global Navigation Satellite System (GNSS) was made to establish its behavior. This behavior analysis is used to model a complete traffic control system for simulation purposes and, adopting the safety analysis methodology developed by Vismari (2007), evaluate the effects that these new parameters had on the safety levels found in the research developed by Vismari (2007) for air traffic environments based on Automatic Dependent Surveillance - Broadcast (ADS-B). They are compared to various scenarios in which there was a GNSS system performance degradation. For each studied scenario, it was found that GNSS behavior\'s degradation was not sufficient to create risk events in aspects related to integrity of the aircraft position data. Thus, within the simulated conditions, the system kept the safety levels regarding to the integrity of the aircraft position informed on screen to the air traffic controller in conflict resolution operations. The computational model developed has several features, which, although not totally applied in this research, constitute a legacy for future research and for integration with the Integrated Platform for Testing Critical Embedded Systems (PIpE-SEC) developed within the Safety Analysis Group (GAS) of EPUSP.

Análise de risco

Engenharia de computação

Segurança crítica

Simulação de sistemas

Sistema de posicionamento global

Tráfego aéreo

Air traffic

Global positioning system

Risk analysis

Safety

System simulation

Modelo de suporte a políticas e gestão de riscos de segurança voltado à terceirização de TIC, computação em nuvem e mobilidade. / Support framework for security policies and risk management focused on ITC outsourcing, cloud computing and mobility.

Leandro José Aguilar Andrijic Malandrin

05 April 2013

O cenário tecnológico é um fator importante a ser considerado ao se trabalhar com Sistemas de Gestão de Segurança da Informação (SGSI). No entanto, nos últimos anos esse cenário se alterou profundamente, aumentando em complexidade de maneira até antes não vista. Caracterizado principalmente por tendências tecnológicas como a terceirização de infraestrutura de TIC, a computação em nuvem e a mobilidade, o cenário externo atual gera grandes novos desafios de segurança. A abordagem típica para tratar com mudanças de cenário em SGSIs é uma revisão da análise de riscos e a implantação de novos controles de segurança. No entanto, frente a um cenário tão disruptivo, riscos podem passar despercebidos, devido à falta de conhecimento sobre os novos elementos introduzidos por esse cenário. Por causa disso, adaptações mais profundas, durante o próprio planejamento do SGSI, são necessárias. Usando a norma de segurança ISO/IEC 27001 como referência, esse trabalho introduz um modelo de suporte que permite a identificação dessas adaptações. Para construir esse modelo, foram inicialmente levantados os riscos referentes a cada uma das três tendências tecnológicas listadas. Esses riscos foram compilados e analisados em conjunto, buscando a identificação de temas de preocupação recorrentes entre eles. Para endereçar cada um dos temas dentro do modelo de suporte, foram levantadas adaptações do SGSI sugeridas na literatura e na prática de segurança. Essas adaptações foram transformadas em pontos de checagem a serem observados durante a execução das duas atividades principais da fase de Planejamento do SGSI da ISO/IEC 27001: definição de políticas de segurança e gestão de riscos. A contribuição principal do trabalho é um modelo de suporte de segurança com o qual as organizações podem adaptar o seu SGSI e assim melhor protegerem suas informações frente ao cenário tecnológico externo descrito. Como contribuição secundária está a sugestão de uma análise unificada com foco em segurança das tendências tecnológicas desse cenário. / The technological scenario is an important factor to be considered while working with Information Security Management Systems (ISMS). However, in the latter years this scenario has changed deeply, increasing in complexity in a way not seen so far. Characterized mainly by the heavy use of ITC infrastructure outsourcing, cloud computing and mobility, the current external scenario creates big new security challenges. The typical approach to handle changes of scenarios in ISMSs is a risk assessment review and deployment of new security controls. However, when considering such a disruptive scenario, some risks may go unnoticed, due to the lack of knowledge of the elements introduced by this scenario. Because of that, deeper adaptations are needed, during the actual ISMS planning. Using the ISO/IEC 27001 as a reference, this research introduces a framework for the identification of these adaptations. To build this framework, risks related to each of the three technological trends mentioned were identified. These risks were compiled and analyzed together, searching for recurring themes of concern among them. To address each of these themes in the framework, ISMS adaptations suggested in the security literature and practice were identified. These adaptations were transformed in checkpoints to be verified during the execution of the two main activities of the ISO/IEC 27001 ISMS Plan phase: security policies definition and risk management. The main contribution of this research is a framework which can help organizations adapt their ISMSs and better protect their information in the technological scenario described. As a secondary contribution is the proposal of a unified security analysis of the distinct security trends of the external scenario.

Computação em nuvem

Gestão de riscos

Gestão de segurança da informação

Mobilidade

Políticas de segurança

Segurança da informação

Terceirização

Cloud computing

Information security

Information security management

Mobility

Outsourcing

Risk analysis

Security policies

Desenvolvimento de novos produtos considerando aspectos de confiabilidade, risco e ferramentas de qualidade. / New product development considering reliability, risk analysis and quality tools

Carlos Alberto Murad

16 June 2011

A intensa competição no mercado global e as constantes mudanças nas exigências dos clientes têm feito com que muitas empresas repensem seus processos de negócios não somente para sobreviver, mas também para se manterem competitivas no mercado atual. O processo de desenvolvimento de produtos é um fator importante para qualquer empresa se manter competitiva neste cenário. A falta de um bom processo de desenvolvimento de produtos é sem dúvida uma grande desvantagem para uma empresa. Somente um bom processo de desenvolvimento não garante a vantagem competitiva das empresas, é necessário também que seus produtos sejam confiáveis e para que isto aconteça torna-se essencial desenvolver produtos com qualidade, através do uso disciplinado e constante de ferramentas de qualidade. Para ser competitivo um produto precisa ser desenvolvido com o mínimo de tempo, recursos e custo, para atender às necessidades de mercado. Algumas metodologias foram desenvolvidas e estas focam no desenvolvimento de um produto sempre pensando nas necessidades da manufatura, montagem, qualidade, confiabilidade e ciclo de vida do produto, evitando mudanças tardias no produto. Muitos estudos acadêmicos e industriais têm sido propostos nesta área. Cada empresa deve encontrar e se adaptar ao processo ou modelo mais adequado para ela dentro das suas necessidades técnicas e culturais. Este estudo apresenta uma metodologia a ser usada para melhorar a qualidade do produto e deve ser usada quando da fase conceitual onde se escolhem os melhores sistemas e/ou componentes para formar um novo produto final. / The intense competition in global market along with constant changes in customers demands have forced companies to re-think some of their business processes, not only to survive, but also to stay competitive on this market. The product development process is one of the key business processes for any company to stay competitive and global on this scenario. The lack of a good development process is with no doubt a big disadvantage for any company. Only a good development process does not guarantee a competitive advantage for anyone, it becomes necessary to have reliable products in the field and to make this happens it is vital to develop products with quality through the use of quality tools in a constant and disciplined way. To be competitive, a product needs to be designed in a minimum amount of time, with minimum resources and cost. To meet market needs some methodologies were developed thinking on manufacturing, assembly, quality, reliability and life cycle avoiding late product changes. Many studies academic and industrial have been proposed in this area. Each company has to find and adapt the most appropriate model that fits its technical and cultural needs. This research presents a methodology to be used to improve product quality during the early phases of development when systems and/or components are chosen for a new product.

Análise de risco

Confiabilidade

DFMA

Ferramentas de qualidade

FMEA

FTA

Manutenção centrada em confiabilidade

DFMA

FMEA

FTA

Quality tools

Reliability

Reliability centered maintenance

Risk analysis

Performance shaping factor based human reliability assessment using valuation-based systems : application to railway operations / Évaluation de la fiabilité humaine basée sur des facteurs affectant la performance en utilisant un modèle graphique d'incertitude : application à l'exploitation ferroviaire

Rangra, Subeer

03 October 2017

L'homme reste l'un des éléments essentiels des opérations de transport modernes. Les méthodes d'analyse de la fiabilité humaine (HRA) fournissent une approche multidisciplinaire pour évaluer l'interaction entre les humains et le système. Cette thèse propose une nouvelle méthodologie HRA appelée PRELUDE (Performance shaping factor based human REliability assessment using vaLUation-baseD systems). Les facteurs de performance sont utilisés pour caractériser un contexte opérationnel dangereux. Le cadre de la théorie des fonctions de croyance et des systèmes d'évaluation (VBS) utilise des règles mathématiques pour formaliser l'utilisation de données d'experts et la construction d'un modèle de fiabilité humaine, il est capable de représenter toutes sortes d'incertitudes. Pour prédire la probabilité d'erreur humaine dans un contexte donné, et de fournir une remontée formelle pour réduire cette probabilité. La deuxième partie de ce travail démontre la faisabilité de PRELUDE avec des données empiriques. Un protocole pour obtenir des données à partir de simulateurs, et une méthode de transformation et d'analyse des données sont présentés. Une campagne expérimentale sur simulateur est menée pour illustrer la proposition. Ainsi, PRELUDE est en mesure d'intégrer des données provenant de sources (empiriques et expertes) et de types (objectifs et subjectifs) différents. Cette thèse aborde donc le problème de l'analyse des erreurs humaines, en tenant compte de l'évolution du domaine des méthodes HRA. Elle garde la facilité d'utilisation de l'industrie ferroviaire, fournissant des résultats qui peuvent facilement être intégrés avec les analyses de risques traditionnelles. Dans un monde de plus en plus complexe et exigeant, PRELUDE fournira aux opérateurs ferroviaires et aux autorités réglementaires une méthode permettant de s'assurer que le risque lié à l'interaction humaine est compris et géré de manière appropriée dans son contexte. / Humans are and remain one of the critical constituents of modern transport operations. Human Reliability Analysis (HRA) methods provide a multi-disciplinary approach: systems engineering and cognitive science methods to evaluate the interaction between humans and the system. This thesis proposes a novel HRA methodology acronymed PRELUDE (Performance shaping factor based human REliability assessment using vaLUation-baseD systEms). Performance shaping factors (PSFs) are used to characterize a dangerous operational context. The proposed framework of Valuation-based System (VBS) and belief functions theory (BFT) uses mathematical rules to formalize the use of expert data and construction of a human reliability model capable of representing all kinds of uncertainty. PRELUDE is able to predict the human error probability given a context, and also provide a formal feedback to reduce the said probability. The second part of this work demonstrates the feasibility of PRELUDE with empirical data from simulators. A protocol to obtain data, a transformation and data analysis method is presented. An experimental simulator campaign is carried out to illustrate the proposition. Thus, PRELUDE is able to integrate data from multiple sources (empirical and expert) and types (objective and subjective). This thesis, hence address the problem of human error analysis, taking into account the evolution of the HRA domain over the years by proposing a novel HRA methodology. It also keeps the rail industry’s usability in mind, providing a quantitative results which can easily be integrated with traditional risk analyses. In an increasingly complex and demanding world, PRELUDE will provide rail operators and regulatory authorities a method to ensure human interaction-related risk is understood and managed appropriately in its context.

Fonctions de croyances

Fiabilité humaine

Erreurs humaines

Belief functions theory

Human error

Human factors

Human reliability analysis

Human computer interaction

Risk analysis

Railway accident

Railway operations

Modelo de suporte a políticas e gestão de riscos de segurança voltado à terceirização de TIC, computação em nuvem e mobilidade. / Support framework for security policies and risk management focused on ITC outsourcing, cloud computing and mobility.

Malandrin, Leandro José Aguilar Andrijic

05 April 2013

O cenário tecnológico é um fator importante a ser considerado ao se trabalhar com Sistemas de Gestão de Segurança da Informação (SGSI). No entanto, nos últimos anos esse cenário se alterou profundamente, aumentando em complexidade de maneira até antes não vista. Caracterizado principalmente por tendências tecnológicas como a terceirização de infraestrutura de TIC, a computação em nuvem e a mobilidade, o cenário externo atual gera grandes novos desafios de segurança. A abordagem típica para tratar com mudanças de cenário em SGSIs é uma revisão da análise de riscos e a implantação de novos controles de segurança. No entanto, frente a um cenário tão disruptivo, riscos podem passar despercebidos, devido à falta de conhecimento sobre os novos elementos introduzidos por esse cenário. Por causa disso, adaptações mais profundas, durante o próprio planejamento do SGSI, são necessárias. Usando a norma de segurança ISO/IEC 27001 como referência, esse trabalho introduz um modelo de suporte que permite a identificação dessas adaptações. Para construir esse modelo, foram inicialmente levantados os riscos referentes a cada uma das três tendências tecnológicas listadas. Esses riscos foram compilados e analisados em conjunto, buscando a identificação de temas de preocupação recorrentes entre eles. Para endereçar cada um dos temas dentro do modelo de suporte, foram levantadas adaptações do SGSI sugeridas na literatura e na prática de segurança. Essas adaptações foram transformadas em pontos de checagem a serem observados durante a execução das duas atividades principais da fase de Planejamento do SGSI da ISO/IEC 27001: definição de políticas de segurança e gestão de riscos. A contribuição principal do trabalho é um modelo de suporte de segurança com o qual as organizações podem adaptar o seu SGSI e assim melhor protegerem suas informações frente ao cenário tecnológico externo descrito. Como contribuição secundária está a sugestão de uma análise unificada com foco em segurança das tendências tecnológicas desse cenário. / The technological scenario is an important factor to be considered while working with Information Security Management Systems (ISMS). However, in the latter years this scenario has changed deeply, increasing in complexity in a way not seen so far. Characterized mainly by the heavy use of ITC infrastructure outsourcing, cloud computing and mobility, the current external scenario creates big new security challenges. The typical approach to handle changes of scenarios in ISMSs is a risk assessment review and deployment of new security controls. However, when considering such a disruptive scenario, some risks may go unnoticed, due to the lack of knowledge of the elements introduced by this scenario. Because of that, deeper adaptations are needed, during the actual ISMS planning. Using the ISO/IEC 27001 as a reference, this research introduces a framework for the identification of these adaptations. To build this framework, risks related to each of the three technological trends mentioned were identified. These risks were compiled and analyzed together, searching for recurring themes of concern among them. To address each of these themes in the framework, ISMS adaptations suggested in the security literature and practice were identified. These adaptations were transformed in checkpoints to be verified during the execution of the two main activities of the ISO/IEC 27001 ISMS Plan phase: security policies definition and risk management. The main contribution of this research is a framework which can help organizations adapt their ISMSs and better protect their information in the technological scenario described. As a secondary contribution is the proposal of a unified security analysis of the distinct security trends of the external scenario.

Cloud computing

Computação em nuvem

Gestão de riscos

Gestão de segurança da informação

Information security

Information security management

Mobilidade

Mobility

Outsourcing

Políticas de segurança

Risk analysis

Security policies

Segurança da informação

Terceirização

Návrh metodiky bezpečnosti informací v podniku / Design of Information Security Methodology in the Company

Bartoš, Lukáš

January 2013

This thesis proposes a design of information security methodology in the company. After the theoretical bases of this thesis is introduced company for which is intended this work. Then is performed analysis of risks based on selected assets and potential threats. Followed by design of the measures to minimize the creation of possible risks in the company.

Risk Assessment of Dropped Cylindrical Objects in Offshore Operations

Steven, Adelina

18 May 2018

Dropped object are defined as any object that fall under its own weight from a previously static position or fell due to an applied force from equipment or a moving object. It is among the top ten causes of injuries and fatality in oil and gas industry. To solve this problem, several in-house tools and guidelines is developed over time to assess the risk of dropped objects on the sub-sea structures. This thesis focuses on compiling and comparing those methods in hope to improve the recommended practices available in the market. A simple modification is done on the in-house tools to better predict the landing point distribution of the dropped cylindrical objects on the seabed by imposing the random three-dimensional rotation around the water depth axis. This tool is then used to compare the result of annual hit frequency using the recommended practice and further compared with the available experimental data.

DROBS

DNV

Offshore Operations

Engineering Physics

Fluid Dynamics

Industrial Engineering

Numerical Analysis and Computation

Ocean Engineering

Probability

Risk Analysis

Development of Safety Standards for CubeSat Propulsion Systems

Cheney, Liam Jon

28 February 2014

The CubeSat community has begun to develop and implement propulsion systems. This movement represents a new capability which may satisfy mission needs such as orbital and constellation maintenance, formation flight, de-orbit, and even interplanetary travel. With the freedom and capability granted by propulsion systems, CubeSat providers must accept new responsibilities in proportion to the potential hazards that propulsion systems may present. The Cal Poly CubeSat program publishes and maintains the CubeSat Design Specification (CDS). They wish to help the CubeSat community to safety and responsibly expand its capabilities to include propulsive designs. For this reason, the author embarked on the task of developing a draft of safety standards CubeSat propulsion systems. Wherever possible, the standards are based on existing documents. The author provides an overview of certain concepts in systems safety with respect to the classification of hazards, determination of required fault tolerances, and the use of inhibits to satisfy fault tolerance requirements. The author discusses hazards that could exist during ground operations and through launch with respect to hazardous materials and pressure systems. Most of the standards related to Range Safety are drawn from AFSPCMAN 91-710. Having reviewed a range of hypothetical propulsion system architectures with an engineer from Range Safety at Vandenberg Air Force Base, the author compiled a case study. The author discusses many aspects of orbital safety. The author discusses the risk of collision with the host vehicle and with third party satellites along with the trackability of CubeSats using propulsion systems. Some recommendations are given for working with the Joint Functional Component Command for Space (JFCC SPACE), thanks to the input of two engineers who work with the Joint Space Operations Center (JSpOC). Command Security is discussed as an important aspect of a mission which implements a propulsion system. The author also discusses End-of-Life procedures such as safing and de-orbit operations. The orbital safety standards are intended to promote “good citizenship.” The author steps through each proposed standard and offers justification. The author is confident that these standards will set the stage for a dialogue in the CubeSat community which will lead to the formulation of a reasonable and comprehensive set of standards. The author hopes that the discussions given throughout this document will help CubeSat developers to visualize the path to flight readiness so that they can get started on the right foot.

CubeSat

propulsion

micropropulsion

safety

Range Safety

orbital safety

Aerospace Engineering

Engineering

Propulsion and Power

Risk Analysis

Space Vehicles

Systems Engineering

Management rizik u vybraných poskytovatelů zdravotních služeb / Risk management for selected healthcare providers.

KOCOUREK, Filip

January 2019

The goal of this thesis was to find out the current state of the operation of the risk management in selected health service providers. For this purpose, there was a questionnaire survey conducted together with a form of interview. There was created a questionnaire for selected health service providers (Annex 1). It was necessary to set certain criteria for the selection of the health services providers. The first criterion was to cover health service providers in the whole Czech Republic. The second criterion set that it should be a inpatient facility. The third criterion definded that only hospitals should be covered. The forth criterion excluded University Hospitals from the selected sample. The fifth criterion required that there will be hospitals with more than 400 medical beds in their facilities. Reviews of annual reports of hospitals were drawn up to implement all the criterions for selecting the sample of health services providers and there were excluded facilities with less than 400 medical beds. The theoretical part deals with health care in the Czech Republic defining the providers of health services and health care system. Furthermore, it deals with crisis management in health care including crisis preparedness of health care, crisis documentation and exercises. There was specified a health risk management and risk analysis methods. There was a questionnaire containing 13 closed and 12 opened questions created for selected providers of health services used in the practical part. The questionnaire was divided into five categories related to the definition of Act No. 240/2000 Coll., crisis management, namely analysis and evaluation of security risks, planning, organization, implementation, control of activities (Annex 1). The questionnaire was distributed via the Click4Survey internet portal, it was an online questionnaire and the interviewed persons were also contacted by telephone. The interviewees were persons engaged in risk management at a particular selected health service providers. There were 18 hospitals out of a total of 33 hospitals surveyed participated in the survey. The results were processed into graphs, tables and interpreted in the discussion section of the thesis. The goal of the thesis was "To find out the current state of the operation of the risk management in selected health service providers." The results show that, risk management in the hospitals surveyed does not reach sufficient knowledge and experience in some cases.