By Mass Soldal Lund

The term “risk” is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis, using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against risk of investment loss, while defensive approaches are concerned with protecting assets that already exist. In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more explicitly on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. Their book serves as an introduction to risk analysis in general, including the central concepts and notions in risk analysis and their relations. The authors’ aim is to support risk analysts in conducting structured and stepwise risk analysis. To this end, the book is divided into three main parts. Part I of the book introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language. After having completed this part of the book, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment, but still are often encountered in real-life risk analysis and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support. The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction into the emerging field of risk analysis, supported by a sound methodology, and completed with numerous examples and detailed guidelines.


Similar network security books

IPSec (2nd Edition)

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Leading authorities cover all facets of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security.

A Survey of Data Leakage Detection and Prevention Solutions

SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 100 pages (approximately 20,000-40,000 words), the series covers a range of content from professional to academic. Briefs allow authors to present their ideas and readers to absorb them with minimal time investment.

Unified Communications Forensics. Anatomy of Common UC Attacks

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W.

CCSP Self-Study CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide

Network security is a very complex business. The Cisco PIX Firewall performs some very specific functions as part of the security process. It is very important to be familiar with many networking and network security concepts before you undertake the CSPFA certification. This book is designed for security professionals or networking professionals who are interested in beginning the security certification process.

Extra resources for Model-Driven Risk Analysis: The CORAS Approach

Sample text

The National Ministry of Health is concerned whether the patient privacy is sufficiently protected, and hires a risk analysis consultancy company to conduct a risk analysis of the cardiology system with particular focus on privacy. The consultancy company appoints a team of two consultants to do the job. They are in the following referred to as “the analysts” and assigned the roles of risk analysis leader and risk analysis secretary, respectively. As a first step, the analysis leader organises a preparatory meeting with a representative from the ministry.

During this presentation, the participants representing the customer make corrections and eliminate errors, so that the result is a target description that all parties can agree upon. In the class diagram and the collaboration diagram, the analysis leader has also indicated what he understands is the scope of the analysis. After agreeing on a target description, the analysis moves on to asset identification. An asset is something in or related to the target to which the customer or other party of the analysis assigns great value.

Structured brainstorming may be understood as a structured walk-through of the target of analysis and is carried out as a workshop. The main idea of structured brainstorming is that since the participants of the analysis represent different competences, backgrounds and interests, they will view the target from different perspectives and consequently identify more, and possibly other, risks than individuals or a more homogeneous group would have managed. The findings of the brainstorming are documented using CORAS threat diagrams, which are the second kind of diagrams offered by the CORAS risk modelling language.
