Title :
Model-based risk assessment to improve enterprise security
Author :
Aagedal, Jan Øyvind ; Den Braber, Folker ; Dimitrakos, Theo ; Gran, Bjørn Axel ; Raptis, Dimitris ; Stølen, Ketil
Author_Institution :
SINTEF Telecom & Informatics, Oslo, Norway
Abstract :
The main objective of the CORAS project is to provide methods and tools for precise, unambiguous, and efficient risk assessment of security critical systems. To this end, we advocate a model-based approach to risk assessment, and define the required models for this. Whereas traditional risk assessment is performed without any formal description of the target of evaluation or results of the risk assessment, CORAS aims to provide a well defined set of models well suited to (1) describe the target of assessment at the right level of abstraction, (2) as a medium for communication between different groups of stakeholders involved in a risk assessment, and (3) to document risk assessment results and the assumptions on which these results depend. We propose models for each step in a risk assessment process and report results of use.
Keywords :
business data processing; distributed object management; risk management; security of data; CORAS project; Reference Model for Open Distributed Processing; distributed object systems; enterprise security; model-based risk assessment; research and development project; security critical systems; Failure analysis; Informatics; Laboratories; Performance evaluation; Research and development; Risk analysis; Risk management; Security; Telecommunications; Unified modeling language;
Conference_Title :
Enterprise Distributed Object Computing Conference, 2002. EDOC '02. Proceedings. Sixth International
Print_ISBN :
0-7695-1742-0
DOI :
10.1109/EDOC.2002.1137696