The Quantitative System-Level Security (QSLS) methodology computes a Level of Support metric that quantifies how well a system architecture aligns with key characteristics, quality attributes and business drivers. This white paper explores how the gap between the Level of Support and perfect support (1.0) represents residual architectural risk.
Level of Support Computation
QSLS calculates the Level of Support by analyzing the correlation between the system's architectural mechanisms and desired characteristics, characteristic types, quality attributes, quality attribute sub attributes and business drivers. The Level of Support ranges from 0 to 1, with 1 representing perfect architectural support.
Interpreting the Support Gap
The difference between the Level of Support and 1 can be viewed as a measure of residual risk in the system architecture. This gap highlights areas where the architecture may not fully deliver on intended the element such as characteristics, quality attributes or business objectives.
For example, if the Level of Support for Reliability is 0.6, there is a 0.4 gap (1 - 0.6) that represents the residual risk of the system not meeting its reliability goals due to architectural limitations.
Prioritizing Architectural Improvements
Quantifying the Level of Support gap helps identify and prioritize areas for architectural enhancement. Focusing on mechanisms that address the largest gaps can yield the greatest risk reduction and alignment with quality attribute and business driver targets.
Risk-Driven Architectural Decision Making
Interpreting QSLS Level of Support as a risk measure empowers architects to make data-driven decisions. By iterating architectural designs and comparing the resulting Levels of Support, architects can converge on solutions that optimize alignment with key objectives while minimizing risk.
Communicating Architectural Risk
Expressing the Level of Support gap as residual risk enables clear communication with stakeholders. Quantitative risk metrics resonate with business and management stakeholders, facilitating productive discussions about architectural tradeoffs, risk appetite, and improvement priorities.
Conclusion
QSLS Level of Support provides valuable insights into architectural risk when interpreted as the gap between computed and perfect support. This quantitative, risk-based perspective enhances architectural decision making, prioritization, and stakeholder communication. By systematically analyzing and reducing the Level of Support gap, architects can deliver systems that better align with quality goals and business needs while effectively managing architectural risk.
Comments