Chris W. Johnson

Learn More
National and international organisations including NIST and ENISA have published guidance that is intended to help organisations respond to, and recover from, cyber incidents. They provide detailed information about contingency planning, about the processes needed to gather and analyse evidence, about appropriate ways to disseminate the findings from(More)
involving the application of formal notations to analyse accident reports has shown that the quality of these accident reports is poor, so much so that their conclusions can be misleading. The proposed solution has been to use formal notations in combination with traditional analysis to produce a report, the conclusions of which can be veriied by formal(More)
Mishap investigations provide important information about adverse events and are intended to help avoid any recurrence of previous failures. However, the complexity of many safety critical systems poses new challenges for mishap analysis. Similarly, the recognition that many failures have complex, systemic causes has helped to widen the scope of many mishap(More)
The quality of the design of an interactive safety-critical system can be enhanced by embedding data and knowledge from past experiences. Traditionally, this involves applying scenarios, usability analysis, or the use of metrics for risk analysis. In this paper, we present an approach that uses the information from incident investigations to inform the(More)
Many safety-critical applications rely upon complex interaction between computer systems and their users. When accidents occur , regulatory bodies are called upon to investigate the causes of userèrror' and system`failure'. Reports are drawn up so that the designers and operators of future systems will not repeat pre-vious`mistakes'. These documents present(More)