Model-Driven Risk Analysis: The CORAS Approach

The term “risk” is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis, using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against risk of investment loss, while defensive approaches are concerned with protecting assets that already exist. In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more explicitly on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. Their book serves as an introduction to risk analysis in general, including the central concepts and notions in risk analysis and their relations. The authors’ aim is to support risk analysts in conducting structured and stepwise risk analysis. To this end, the book is divided into three main parts. Part I of the book introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language. After having completed this part of the book, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment, but still are often encountered in real-life risk analysis and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support. The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction into the emerging field of risk analysis, supported by a sound methodology, and completed with numerous examples and detailed guidelines.




Contents:
Front Matter (pages I-XVI)
Front Matter (page 1)
Introduction (pages 3-13)
Background and Related Approaches (pages 15-21)
A Guided Tour of the CORAS Method (pages 23-43)
Front Matter (page 45)
The CORAS Risk Modelling Language (pages 47-72)
Preparations for the Analysis (pages 73-79)
Customer Presentation of the Target (pages 81-94)
Refining the Target Description Using Asset Diagrams (pages 95-110)
Approval of the Target Description (pages 111-124)
Risk Identification Using Threat Diagrams (pages 125-145)
Risk Estimation Using Threat Diagrams (pages 147-163)
Risk Evaluation Using Risk Diagrams (pages 165-185)
Risk Treatment Using Treatment Diagrams (pages 187-203)
Front Matter (page 205)
Analysing Likelihood Using CORAS Diagrams (pages 207-244)
The High-level CORAS Language (pages 245-282)
Using CORAS to Support Change Management (pages 283-296)
The Dependent CORAS Language (pages 297-317)
Using CORAS to Analyse Legal Aspects (pages 319-337)
The CORAS Tool (pages 339-346)
Relating CORAS to the State of the Art (pages 347-358)
Back Matter (pages 359-460)

