Skip to main content
SpringerLink
Log in
Book cover

Model-Driven Risk Analysis

The CORAS Approach

  • Book
  • © 2011

Overview

Authors:
  1. Mass Soldal Lund

    1. SINTEF ICT, Oslo, Norway

    View author publications

    You can also search for this author in PubMed   Google Scholar

  2. Bjørnar Solhaug

    1. SINTEF ICT, Oslo, Norway

    View author publications

    You can also search for this author in PubMed   Google Scholar

  3. Ketil Stølen

    1. SINTEF ICT, Oslo, Norway

    View author publications

    You can also search for this author in PubMed   Google Scholar

  • Concise introduction into risk analysis
  • Presentation of the only model-based risk modelling method and language, CORAS
  • With numerous examples and detailed guidelines for structured and stepwise risk analysis
  • Includes supplementary material: sn.pub/extras

This is a preview of subscription content, log in via an institution to check access.

Access this book

Log in via an institution
eBook USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Other ways to access

Licence this eBook for your library

Institutional subscriptions

Table of contents (19 chapters)

  1. Front Matter

    Pages I-XVI
    Download chapter PDF

  2. Introductory Overview

    1. Front Matter

      Pages 1-1
      Download chapter PDF

    2. Introduction

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 3-13

    3. Background and Related Approaches

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 15-21

    4. A Guided Tour of the CORAS Method

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 23-43

  3. Core Approach

    1. Front Matter

      Pages 45-45
      Download chapter PDF

    2. The CORAS Risk Modelling Language

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 47-72

    3. Preparations for the Analysis

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 73-79

    4. Customer Presentation of the Target

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 81-94

    5. Refining the Target Description Using Asset Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 95-110

    6. Approval of the Target Description

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 111-124

    7. Risk Identification Using Threat Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 125-145

    8. Risk Estimation Using Threat Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 147-163

    9. Risk Evaluation Using Risk Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 165-185

    10. Risk Treatment Using Treatment Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 187-203

  4. Selected Issues

    1. Front Matter

      Pages 205-205
      Download chapter PDF

    2. Analysing Likelihood Using CORAS Diagrams

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 207-244

    3. The High-level CORAS Language

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 245-282

    4. Using CORAS to Support Change Management

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 283-296

    5. The Dependent CORAS Language

      • Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen
      Pages 297-317
Back to top

Keywords

About this book

The term “risk” is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis, using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against risk of investment loss, while defensive approaches are concerned with protecting assets that already exist. In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more explicitly on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. Their book serves as an introduction to risk analysis in general, including the central concepts and notions in risk analysis and their relations. The authors’ aim is to support risk analysts in conducting structured and stepwise risk analysis. To this end, the book is divided into three main parts. Part I of the book introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language. After having completed this part of the book, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment, but still are often encountered in real-life risk analysis and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support. The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction into the emerging field of risk analysis, supported by a sound methodology, and completed with numerous examples and detailed guidelines.

Reviews

"The book is quite well organized [...]. Graduate students and researchers unfamiliar with risk assessment techniques and risk management issues will find [it] illuminating." ACM Computing Reviews, Sandeep Shukla, June 2012

Authors and Affiliations

  • SINTEF ICT, Oslo, Norway

    Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen

About the authors

Ketil Stølen is Chief Scientist at SINTEF ICT, Oslo, Norway, where he leads the Group for Quality and Security Technology at the Department for Cooperative and Trusted Systems. Mass Soldal Lund is a researcher this group, specialising on risk analysis and thread modeling. Bjørnar Solhaug is a PhD student at the Department of Information Science and Media Studies, University of Bergen, Norway, and SINTEF ICT, working on formal languages for the specification of trust management policies.

Bibliographic Information

Publish with us

Policies and ethics

Back to top

Search

Navigation