Assessing Enterprise Risk Level: The CORAS Approach


Fredrik Vraalsen (SINTEF, Norway) and Tobias Mahler (Norwegian Research Center for Computers and Law, University of Oslo, Norway)
Copyright: © 2007 | Pages: 23
DOI: 10.4018/978-1-59904-090-5.ch018

Abstract

This chapter gives an introduction to the CORAS approach for model-based security risk analysis. It presents a guided walkthrough of the CORAS risk analysis process based on examples from risk analysis of security, trust and legal issues in a collaborative engineering virtual organisation. CORAS makes use of structured brainstorming to identify risks and treatments. To get a good picture of the risks, it is important to involve people with different insight into the target being analysed, such as end users, developers, and managers. One challenge in this setting is to bridge the communication gap between the participants, who typically have widely different backgrounds and expertise. The use of graphical models supports communication and understanding between these participants. The CORAS graphical language for threat modelling has been developed especially with this goal in mind.

Complete Chapter List

Table of Contents
Foreword
Peter F. Linington
Acknowledgment
Djamel Khadraoui, Francine Herrmann
Chapter 1: Security Architectures
Sophie Gastellier-Prevost
Within a more and more complex environment, where connectivity, reactivity and availability are mandatory, companies must be “electronically...

Chapter 2: Security in GRID Computing
Eric Garcia
GRID computing implies sharing heterogeneous resources, located in different places belonging to different administrative domains over a...

Chapter 3: Security of Symbian Based Mobile Devices
Göran Pulkkis
Security issues of Symbian-based mobile computing devices such as PDAs and smart phones are surveyed. The evolution of Symbian OS architecture is...

Chapter 4: Wireless Local Area Network Security
Michéle Germain, Alexis Ferrero, Jouni Karvo
Using WLAN networks in enterprises has become a popular method for providing connectivity. We present the security threats of WLAN networks, and the...

Chapter 5: Interoperability Among Intrusion Detection Systems
Mário M. Ferire
This chapter addresses the problem of interoperability among intrusion detection systems. It presents a classification and a brief description of...

Chapter 6: Security in E-Health Applications
Snezana Sucurovic
This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic...

Chapter 7: Interactive Access Control and Trust Negotiation for Autonomic Communication
Hristo Koshutanski
Autonomic communication and computing is the new paradigm for dynamic service integration over a network. In an autonomic network, clients may have...

Chapter 8: Delegation Services: A Step Beyond Authorization
Isaac Agudo
Advanced applications for the Internet need to make use of the authorization service so that users can prove what they are allowed to do and show...

Chapter 9: From DRM to Enterprise Rights and Policy Management: Challenges and Opportunities
Jean-Henry Morin, Michel Pawlak
This chapter introduces digital rights management (DRM) in the perspective of digital policy management (DPM) focusing on the enterprise and...

Chapter 10: Limitations of Current Anti-Virus Scanning Technologies
Srinivas Mukkamala
Malware has become more lethal by using multiple attack vectors to exploit both known and unknown vulnerabilities and can attack prescanned targets...

Chapter 11: Phishing: The New Security Threat on the Internet
Indranil Bose
Phishing is a new form of online crime where the unsuspecting user is tricked into revealing his/her personal information. It is usually conducted...

Chapter 12: Phishing Attacks and Countermeasures: Implications for Enterprise Information Security
Bogdan Hoanca
The field of information security has realized many advances in the past few decades. Some of these innovations include new cryptographic...

Chapter 13: Prevention and Handling of Malicious Code
Halim Khelafa
The purpose of this chapter is to provide a wide spectrum of end users with a complete reference on malicious code or malware. End users include...

Chapter 14: Security Risk Management Methodologies
Francine Herrmann, Djamel Khadraoui
This chapter provides a wide spectrum of existing security risk management methodologies. The chapter starts by presenting the concept and the...

Chapter 15: Information System Life Cycles and Security
Albin Zuccato
Organizations are required by legal provision to include information system security into their day-to-day management activities. To do this...

Chapter 16: Software Specification and Attack Languages
Mohammed Hussein
General-purpose software specification languages are introduced to model software by providing a better understanding of their characteristics...

Chapter 17: Dynamic Management of Security Constraints in Advanced Enterprises
R. Manjunath
Providing security for the content that gets exchanged between physically and geographically different locations is challenging. The cost and...

Chapter 18: Assessing Enterprise Risk Level: The CORAS Approach
Fredrik Vraalsen, Tobias Mahler
This chapter gives an introduction to the CORAS approach for model-based security risk analysis. It presents a guided walkthrough of the CORAS risk...

About the Contributors