Background and Related Approaches

  • Chapter
Model-Driven Risk Analysis

Abstract

This chapter introduces and explains the basic risk-related terminology on which this book builds. It also positions CORAS in the setting of the most well-known alternative approaches to risk modeling and analysis.

Author information

Corresponding author

Correspondence to Mass Soldal Lund.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Lund, M.S., Solhaug, B., Stølen, K. (2011). Background and Related Approaches. In: Model-Driven Risk Analysis. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12323-8_2

  • DOI: https://doi.org/10.1007/978-3-642-12323-8_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12322-1

  • Online ISBN: 978-3-642-12323-8

  • eBook Packages: Computer Science, Computer Science (R0)
