CORAS methodology for model-based risk asessment
نویسندگان
چکیده
This report provides the final version of the CORAS methodology for model-based risk assessment (MBRA). The CORAS methodology for MBRA ispresented in terms of concrete recommendations and layered guidelines, aswell as templates and supportive descriptions. D2.4 also provides a refinedsub-specification for the CORAS Platform. Finally, the report includes andrefines the experience and feedback from the e-commerce and telemedicinetrials.
منابع مشابه
Towards a UML Profile for Model-Based Risk Assessment
The EU-funded CORAS project (IST-2000-25031) is developing a framework for model-based risk assessment of security-critical systems. This framework is characterised by: (1) A careful integration of aspects from partly complementary risk assessment methods. (2) Guidelines and methodology for the use of UML to support and direct the risk assessment methodology. (3) A risk management process based...
متن کاملThe CORAS approach for model-based risk management applied to a telemedicine service
The CORAS risk management process is based on the Australian standard for risk management and aims at improved methodology for precise, unambiguous, and efficient risk assessment of security critical systems. CORAS addresses security critical systems in general, but places particular emphasis on IT security. For CORAS, a system is not just technology, but also the humans interacting with the te...
متن کاملExperiences from Using the CORAS Methodology to Analyze a Web Application
EXECUTIVE SUMMARY During a field trial performed at the Norwegian telecom company NetCom from May 2003 to July 2003, a methodology for model-based risk analysis was assessed. The chosen methodology was the CORAS methodology (CORAS, 2000), which has been developed in a European research project carried out by 11 European companies and research institutes partly funded by the European Union. The ...
متن کاملModel-based security analysis in seven steps a guided tour to the CORAS method
This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the COR...
متن کاملThe coras approach for model-based risk management applied to e-commerce domain
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardi...
متن کامل