Hagenberg Risk Management Process (Part 2): From Context-Sensitive Triage to Case Analysis With Bowtie and Bayesian Networks

TL;DR

This paper introduces a comprehensive risk management process that combines context-sensitive risk prioritization, Bowtie analysis, and Bayesian networks to enhance transparency and operational decision-making in complex systems.

Contribution

It presents an integrated, traceable workflow that links broad risk screening with detailed analysis and modeling, improving resilience management and decision support.

Findings

Effective risk prioritization across operational states

Structured cause-consequence analysis with Bowtie models

Automated Bayesian network generation from Bowties

Abstract

Risk matrices (heatmaps) are widely used for information and cyber risk management and decision-making, yet they are often too coarse for today's resilience-driven organizational and system landscapes. Likelihood and impact (the two dimensions represented in a heatmap) can vary with operational conditions, third-party dependencies, and the effectiveness of technical and organizational controls. At the same time, organizations cannot afford to analyze and operationalize every identified risk with equal depth using more sophisticated methods, telemetry, and real-time decision logic. We therefore propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. The Hagenberg Risk Management Process presented in this paper integrates three steps: (i) context-aware prioritization using multidimensional polar heatmaps to compare risks across multiple operational states, (ii) Bowtie analysis for triaged risks to structure causes, consequences, and barriers, and (iii) an automated transformation of Bowties into directed acyclic graphs as the structural basis for Bayesian networks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph, making control points visible and preparing for later intervention and what-if analyses. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss; DORA serves as the reference framework for resilience requirements. The result is an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models.