The CORAS Framework for a Model-Based Risk Management Process
نویسندگان
چکیده
CORAS is a research and technological development project under the Information Society Technologies (IST) Programme (Commission of the European Communities, Directorate-General Information Society). One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precise, unambiguous, and efficient risk assessment of security critical systems. This paper presents the CORAS framework and the related conclusions from the CORAS project so far.
منابع مشابه
The coras approach for model-based risk management applied to e-commerce domain
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardi...
متن کاملTowards a UML Profile for Model-Based Risk Assessment
The EU-funded CORAS project (IST-2000-25031) is developing a framework for model-based risk assessment of security-critical systems. This framework is characterised by: (1) A careful integration of aspects from partly complementary risk assessment methods. (2) Guidelines and methodology for the use of UML to support and direct the risk assessment methodology. (3) A risk management process based...
متن کاملModel Based Risk Management of Security Critical Systems
This paper describes a novel framework for a risk management process involving a model-based approach, developed as the main objective of CORAS (IST-200
متن کاملThe CORAS approach for model-based risk management applied to a telemedicine service
The CORAS risk management process is based on the Australian standard for risk management and aims at improved methodology for precise, unambiguous, and efficient risk assessment of security critical systems. CORAS addresses security critical systems in general, but places particular emphasis on IT security. For CORAS, a system is not just technology, but also the humans interacting with the te...
متن کاملBuilding an Experience Factory for a Model-based Risk Analysis Framework
This paper describes the integration of an experience factory in a modelbased risk analysis framework called CORAS. CORAS aims at developing a new model-based risk analysis framework for security critical application. The framework’s cornerstone of combining methods for risk analysis of critical systems and semiformal modelling methods in a tool-supported environment targeting openness and inte...
متن کامل