Risk Analysis of Changing and Evolving Systems Using CORAS
نویسندگان
چکیده
Risk analysis is the identification and documentation of risks with respect to an organisation or a target system. Established risk analysis methods and guidelines typically focus on a particular system configuration at a particular point in time. The resulting risk picture is then valid only at that point in time and under the assumptions made when it was derived. However, systems and their environments tend to change and evolve over time. In order to appropriately handle change, risk analysis must be supported with specialised techniques and guidelines for modelling, analysing and reasoning about changing risks. In this paper we introduce general techniques and guidelines for managing risk in changing systems, and then instantiate these in the CORAS approach to model-driven risk analysis. The approach is demonstrated by a practical example based on a case study from the Air Traffic Management (ATM) domain.
منابع مشابه
The CORAS Framework for a Model-Based Risk Management Process
CORAS is a research and technological development project under the Information Society Technologies (IST) Programme (Commission of the European Communities, Directorate-General Information Society). One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precis...
متن کاملModel Based Security Risk Analysis for Web Applications
Security evaluation and security assurance are important aspects of trust in e-business. CORAS is a European project which is developing a tool-supported framework for precise, unambiguous, and efficient risk assessment of security critical systems. The framework is obtained through adapting, refining, extending, and combining methods for risk analysis of critical systems and semiformal modelli...
متن کاملThe CORAS approach for model-based risk management applied to a telemedicine service
The CORAS risk management process is based on the Australian standard for risk management and aims at improved methodology for precise, unambiguous, and efficient risk assessment of security critical systems. CORAS addresses security critical systems in general, but places particular emphasis on IT security. For CORAS, a system is not just technology, but also the humans interacting with the te...
متن کاملThe coras approach for model-based risk management applied to e-commerce domain
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardi...
متن کاملUsing Dependent CORAS Diagrams to Analyse Mutual Dependency
The CORAS method for security risk analysis provides a customized language, the CORAS diagrams, for threat and risk modelling. In this paper, we extend this language to capture context dependencies, and use it as a means to analyse mutual dependency. We refer to the extension as dependent CORAS diagrams. We de ne a textual syntax using EBNF and explain how a dependent CORAS diagram may be schem...
متن کامل