Publication | Open Access
Model-based risk assessment to improve enterprise security
107
Citations
4
References
2003
Year
Unknown Venue
EngineeringSecurity Critical SystemsCoras ProjectInformation SecuritySecurity AssessmentSoftware EngineeringRisk AnalysisEnterprise SecuritySecurity MeasurementSecurity ModellingVulnerability Assessment (Computing)Risk ManagementManagementSystems EngineeringSoftware DesignRisk AssessmentSoftware TestingSecurityEnterprise Risk ManagementThreat ModelModel-driven Security
The main objective of the CORAS project is to provide methods and tools for precise, unambiguous, and efficient risk assessment of security critical systems. To this end, we advocate a model-based approach to risk assessment, and define the required models for this. Whereas traditional risk assessment is performed without any formal description of the target of evaluation or results of the risk assessment, CORAS aims to provide a well defined set of models well suited to (1) describe the target of assessment at the right level of abstraction, (2) as a medium for communication between different groups of stakeholders involved in a risk assessment, and (3) to document risk assessment results and the assumptions on which these results depend. We propose models for each step in a risk assessment process and report results of use.
| Year | Citations | |
|---|---|---|
Page 1
Page 1