Traditional system documentation focuses on the behaviour or functionality we would like the system or application to provide. However, it is equally important to document the undesirable behaviour; what happens when things goes wrong. Moreover, this documentation must be unambiguous and easy to read and understand for the different stakeholders involved. SINTEF has developed a graphical langua...

This chapter presents a guided tour of the CORAS method. As illustrated by Fig. 3.1, the CORAS method is divided into eight steps. The first four of these steps are introductory in the sense that we use them to establish a common understanding of the target of the analysis, and to make the target description that will serve as a basis for the subsequent risk identification. The introductory ste...

Risk-driven development focus on identifying and treating risks as an integrated part of the development process. One then obtain an adequate security level by treating security issues at the right time for the correct cost throughout the development. The EU IST-project CORAS has developed an integrate risk management and system development process for security-critical systems based on AS/NZS ...

The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirement...

This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the COR...

Risk analysis involves people with different roles and competences. The validity of the outcome depends on that they are able to communicate; ideally between themselves, but at least with or via a risk analyst. The CORAS risk modeling language has been developed to facilitate communication between stakeholders involved in the various stages of risk analysis. This article reports the results fro...

This paper describes a novel framework for a risk management process involving a model-based approach, developed as the main objective of CORAS (IST-200

The main objective of the CORAS project is to provide methods and tools for precise, unambiguous, and efficient risk assessment of security critical systems. To this end, we advocate a model-based approach to risk assessment, and this paper attempts to define the required models for this. Whereas traditional risk assessment is performed without any formal description of the target of evaluation...