The term risk is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against the risk of investment loss, while defensive approaches are concerned with protecting assets that already exist.

In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more specifically on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. The book also serves as an introduction to risk analysis in general, including the central concepts and notions of risk analysis and the relations between them. The authors' aim is to support risk analysts in conducting structured, stepwise risk analysis. To this end, the book is divided into three main parts. Part I introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language; after completing this part, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment but are nevertheless often encountered in real-life risk analysis, and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support.

The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction to the emerging field of risk analysis, supported by a sound methodology and completed with numerous examples and detailed guidelines.