The CORAS Framework for a Model-Based Risk Management Process [chapter]

Rune Fredriksen, Monica Kristiansen, Bjørn Axel Gran, Ketil Stølen, Tom Arthur Opperud, Theo Dimitrakos
2002 Lecture Notes in Computer Science  
One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precise, unambiguous  ...  This paper presents the CORAS framework and the related conclusions from the CORAS project so far.  ...  The CORAS framework for a model-based risk management process has four main anchor-points, a system documentation framework based on the Reference Model for Open Distributed Processing (RM-ODP) [3],  ... 
doi:10.1007/3-540-45732-1_11 fatcat:qsk75mgouna5njnfseksgefodm

The CORAS Approach for OPM Based Risk Management

2018 DEStech Transactions on Engineering and Technology Research  
This paper presents an overview of the CORAS framework based on OPM paradigm and provides an example of risk analyses to show how the CORAS framework works in risk management process.  ...  The CORAS approach supports a model-based risk assessment on security critical systems.  ...  OPM Based Representation of CORAS Framework The CORAS framework for a risk management process based on model includes four parts: a system documentation framework, a model-based risk management process  ... 
doi:10.12783/dtetr/pmsms2018/24940 fatcat:oiiqcv6og5cvfo6j7jv4twok74

Integrating Model-based Security Risk Management into eBusiness Systems Development [chapter]

Theo Dimitrakos, Brian Ritchie, Dimitris Raptis, Jan Øyvind Aagedal, Folker den Braber, Ketil Stølen, Siv Hilde Houmb
2003 IFIP Advances in Information and Communication Technology  
In this paper we provide an overview of the CORAS framework for model-based risk assessment, emphasising the pursued integration of risk management and semiformal modelling throughout the evolution of  ...  CORAS is a European project which is developing a tool-supported framework for precise, unambiguous, and efficient risk assessment of security critical systems.  ...  The main output of the CORAS project is a framework for model-based risk assessment having four anchor points: 1. A risk management process based on the AS/NZS 4360 standard. 2.  ... 
doi:10.1007/978-0-387-35617-4_11 fatcat:nvcsw5w3gfejhlqmy6ms6e75pu

The Coras Approach for Model-Based Risk Management Applied to E-Commerce Domain [chapter]

Dimitris Raptis, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen
2002 IFIP Advances in Information and Communication Technology  
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods,  ...  The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardised security risk management process, and it is supported by  ...  The CORAS project is partially funded by the European Commission under the FP5 Information Society Technologies Programme (IST) by Contract no. IST-2000-25031.  ... 
doi:10.1007/978-0-387-35612-9_13 fatcat:iw6skypplvdf7neyqlxbrk2uia

Risk assessment of a cardiology eHealth service in HYGEIAnet

N. Stathiakis, C.E. Chronaki, E. Skipenes, E. Henriksen, E. Charalambus, A. Sykianakis, G. Vrouchos, N. Antonakis, M. Tsiknakis, S. Orphanoudakis
2003 Computers in Cardiology, 2003  
A Risk Assessment (RA) framework was employed to determine what protection would be adequate and reasonable for the assets of a cardiology eHealth service deployed on the island of Crete.  ...  The CORAS approach The main result of the CORAS project is the CORAS framework. The framework is characterized by: (1) A careful integration of aspects from partly complementary  ...  Acknowledgements The work reported in this paper was supported by the CORAS, a European R&D project funded by the 5th framework program on Information Society Technologies (IST-2000-25031).  ... 
doi:10.1109/cic.2003.1291125 fatcat:e4f7mcvha5c53l5vukq5234m34

Domain Specific Simulation Language For IT Risk Assessment

Artis Teilans, Arnis Kleins, Ojars Krasts, Andrejs Romanovs, Yuri Merkuryev, Pjotrs Dorogovs
2011 ECMS 2011 Proceedings edited by: T. Burczynski, J. Kolodziej, A. Byrski, M. Carvalho  
As a novelty for UML modelling, especially for simulation purposes, the presented DSL is enriched by a set of stochastic attributes of modelled activities.  ...  risk management extensions.  ...  The proposed technique for IT risk assessment and management could be successfully used as a start point for development of the IT risks assessment support systems prototype, based on an IT risk management  ... 
doi:10.7148/2011-0342-0347 dblp:conf/ecms/TeilansKKRMD11 fatcat:7bgkzceoevc5dol6kwuyqaehuu

Towards Empirical Evaluation of Automated Risk Assessment Methods [chapter]

Olga Gadyatskaya, Katsiaryna Labunets, Federica Paci
2017 Lecture Notes in Computer Science  
Security risk assessment methods are numerous, and it might be confusing for organizations to select one.  ...  In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identified as critical in several controlled experiments.  ...  As both CORAS and TREsPASS are model-based, and they rely on model transformations as a part of their processes, change management is crucial.  ... 
doi:10.1007/978-3-319-54876-0_6 fatcat:ruykr5fvoja67bsemyzvdyiyti

The CORAS Tool for Security Risk Analysis [chapter]

Fredrik Vraalsen, Folker den Braber, Mass Soldal Lund, Ketil Stølen
2005 Lecture Notes in Computer Science  
The CORAS Tool for model-based security risk analysis supports documentation and reuse of risk analysis results through integration of different risk analysis and software development techniques and tools  ...  Built-in consistency checking facilitates the maintenance of the results as the target of analysis and risk analysis results evolve.  ...  Acknowledgements The work on which this paper reports has partly been carried out within the context of the EU-projects TrustCoM (IST-2003-01945) and CORAS (IST-2000-25031) as well as the SECURIS (152839  ... 
doi:10.1007/11429760_30 fatcat:7t6kg2ymybd6xexygqrn7nmpqm

A security event description of intelligent applications in edge-cloud environment

Qianmu Li, Xiaochun Yin, Shunmei Meng, Yaozong Liu, Zijian Ying
2020 Journal of Cloud Computing: Advances, Systems and Applications  
Based on the edge-cloud environment, this paper combines the advantages of CORAS modeling and analysis with Object-oriented Petri-net theory, and proposes a COP (CORAS-based Object-oriented Petri-net)-based  ...  The control layer is responsible for the centralized management of network edge nodes. After acquiring the entire network topology, it can automatically generate a visualized network structure.  ...  Acknowledgements We want to thank the authors of the literature cited in this paper for contributing useful ideas to this study.  ... 
doi:10.1186/s13677-020-00171-0 fatcat:ihjnutmiwbbodjl3mfii3dcoqy

Security Requirement Engineering Issues in Risk Management

Dhirendra Pandey, Ugrasen Suman, A. K. Ramani
2011 International Journal of Computer Applications  
The aim of this paper is to provide some models and methods to identify and include security in the early stage of software development process.  ...  Risk management is one of the most important aspects of security requirement engineering domain, which allows comparing security needs and costs of security measures.  ...  Risk management methods are considered as semiformal and are often a good process for a risk assessment.  ... 
doi:10.5120/2218-2827 fatcat:7bpgwhjmwjgqziaacsfa7ojc5e

A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering [chapter]

Denisse Muñante, Vanea Chiprianov, Laurent Gallon, Philippe Aniorté
2014 Lecture Notes in Computer Science  
One domain dealing also with eliciting security requirements is Risk Analysis (RA). Therefore, we perform a review of SRE methods in order to analyse which ones are compatible with RA processes.  ...  Consequently, our review is based on criteria derived partially from existing survey works, further enriched and specialized in order to evaluate the compatibility of SRE methods with the disciplines of  ...  (g) CORAS [15] : is a model-based method for security risk analysis.  ... 
doi:10.1007/978-3-319-10975-6_6 fatcat:hwxybyaa35a6dfzd4tdi33edza

Assessment of Cyber Physical System Risks with Domain Specific Modelling and Simulation

Artis Andreevich Teilans, Andrejs Vasil'evich Romanovs, Yuri Anatolievich Merkuryev, Pjotrs Petrovich Dorogovs, Arnis Yanovich Kleins, Semen Alekseevich Potryasaev
2018 Труды СПИИРАН  
Design of a unified modelling language based domain specific language described in this paper achieves synergy from in IT industry widely used UML modelling technique and the domain specific risk management  ...  As a novelty for UML modelling, especially for simulation purposes, the presented DSL is enriched by a set of stochastic attributes of modelled activities.  ...  The research described in Section 5 supported by the state research #0073-2018-0003 (# of state registr. AAAA-A16-116030250074-1).  ... 
doi:10.15622/sp.59.5 fatcat:6j26mrtfuncmnfn5ljns7d7owa

Information Security Risk Analysis Methods for Healthcare Systems

2020 International Journal of Engineering and Advanced Technology  
There are many systems implemented for information security and risk management for information protection.  ...  The healthcare system process structure and variation are advocated, in which operating performance indication is based on risk scaling factor so that dynamic information security risk analysis is needed  ...  Reference [7] are presented the risk management for healthcare organization based on an enterprise model.  ... 
doi:10.35940/ijeat.a1691.1010120 fatcat:pzaqgewbpfhtfbso657q3mxnty

CORAS for the Research of ISAC

Ya-Ping Fu, Kwo-Jean Farn, Chung-Huang Yang
2008 2008 International Conference on Convergence and Hybrid Information Technology  
Because the differences between critical infrastructures are quite large and the sources of the workflow processes and threats are not quite the same, a public tool is required for such establishment.  ...  This research discusses how to use Consultative Objective Risk Analysis System (CORAS) to establish ISAC of critical infrastructures and takes a telecom company as an example to simulate episodes of possible  ...  The documentation of CORAS is based on Reference Model for Open Distributed Processing (RM-ODP).  ... 
doi:10.1109/ichit.2008.276 fatcat:l6yokngxazctxfhvospufaiudi


Md Tarique Jamal Ansari, Dhirendra Pandey, Naseem Ahmad Khan
2020 Zenodo  
This paper presents a comparative literature analysis of several existing security requirements engineering approaches for the development of secure software application.  ...  Security Requirements Engineering is one of the most important parts of the software development lifecycle that assist the software developer in developing a quality cost effective software application  ...  In the CORAS methodology, an outdated risk management process is combined with UP, which is a well-accepted system development process.  ... 
doi:10.5281/zenodo.3596327 fatcat:lqghlajcine4xe23xn2ma3xbha