Experiences from Using the CORAS Methodology to Analyze a Web Application

Folker den Braber, Arne Bjørn Mildal, Jone Nes, Ketil Stølen, Fredrik Vraalsen
ISBN13: 9781599044088|ISBN10: 1599044080|EISBN13: 9781599044101
DOI: 10.4018/978-1-59904-408-8.ch007

MLA

den Braber, Folker, et al. "Experiences from Using the CORAS Methodology to Analyze a Web Application." Cases on Information Technology Planning, Design and Implementation, edited by Mehdi Khosrow-Pour, D.B.A., IGI Global, 2006, pp. 100-121. https://doi.org/10.4018/978-1-59904-408-8.ch007

APA

den Braber, F., Mildal, A. B., Nes, J., Stølen, K., & Vraalsen, F. (2006). Experiences from Using the CORAS Methodology to Analyze a Web Application. In M. Khosrow-Pour, D.B.A. (Ed.), Cases on Information Technology Planning, Design and Implementation (pp. 100-121). IGI Global. https://doi.org/10.4018/978-1-59904-408-8.ch007

Chicago

den Braber, Folker, et al. "Experiences from Using the CORAS Methodology to Analyze a Web Application." In Cases on Information Technology Planning, Design and Implementation, edited by Mehdi Khosrow-Pour, D.B.A., 100-121. Hershey, PA: IGI Global, 2006. https://doi.org/10.4018/978-1-59904-408-8.ch007

Abstract

During a field trial performed at the Norwegian telecom company NetCom from May 2003 to July 2003, a methodology for model-based risk analysis was assessed. The chosen methodology was the CORAS methodology (CORAS, 2000), which has been developed in a European research project carried out by 11 European companies and research institutes partly funded by the European Union. The risk analysis and assessment were carried out by the Norwegian research institute SINTEF in cooperation with NetCom. NetCom (www.netcom.no) is one of the main mobile phone network providers in Norway. Their ‘MinSide’ application offers their customers access to their personal account information via the Internet, enabling them to view and change the properties of their mobile phone subscription. ‘MinSide’ deals with a lot of sensitive customer information that needs to be secure, while at the same time being easily available to the customer in order for the service to remain usable and competitive. The goal of the analysis was to identify risks in relation to the use of the ‘MinSide’ application and, where possible, suggest treatments for these risks. This was achieved through two model-driven brainstorming sessions based on system documentation in the form of UML sequence diagrams and data flow diagrams.
