The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
Assessing Enterprise Risk Level: The CORAS Approach
|
|
Author(s): Fredrik Vraalsen (SINTEF, Norway)and Tobias Mahler (Norweigan Research Center for Compuers and Law, University of Oslo, Norway)
Copyright: 2007
Pages: 23
Source title:
Advances in Enterprise Information Technology Security
Source Author(s)/Editor(s): Djamel Khadraoui (Public Research Centre Henri Tudor, Luxembourg )and Francine Herrmann (University Paul Vertaine-Metz, France)
DOI: 10.4018/978-1-59904-090-5.ch018
Purchase
|
Abstract
This chapter gives an introduction to the CORAS approach for model-based security risk analysis. It presents a guided walkthrough of the CORAS risk analysis process based on examples from risk analysis of security, trust and legal issues in a collaborative engineering virtual organisation. CORAS makes use of structured brainstorming to identify risks and treatments. To get a good picture of the risks, it is important to involve people with different insight into the target being analysed, such as end users, developers, and managers. One challenge in this setting is to bridge the communication gap between the participants, who typically have widely different backgrounds and expertise. The use of graphical models supports communication and understanding between these participants. The CORAS graphical language for threat modelling has been developed especially with this goal in mind.
Related Content
|
Margee Hume, Paul Johnston.
© 2017.
19 pages.
|
|
Jessy Nair, D. Bhanu Sree Reddy.
© 2017.
27 pages.
|
|
Joseph R. Muscatello, Diane H. Parente, Matthew Swinarski.
© 2017.
19 pages.
|
|
Klaus Wölfel.
© 2017.
33 pages.
|
|
Rui Pedro Marques.
© 2017.
21 pages.
|
|
Ebru E. Saygili, Arikan Tarik Saygili.
© 2017.
17 pages.
|
|
Aparna Raman, D. P. Goyal.
© 2017.
41 pages.
|
|
|