Abstract
Risk analysis is the identification and documentation of risks with respect to an organisation or a target system. Established risk analysis methods and guidelines typically focus on a particular system configuration at a particular point in time. The resulting risk picture is then valid only at that point in time and under the assumptions made when it was derived. However, systems and their environments tend to change and evolve over time. In order to appropriately handle change, risk analysis must be supported with specialised techniques and guidelines for modelling, analysing and reasoning about changing risks. In this paper we introduce general techniques and guidelines for managing risk in changing systems, and then instantiate these in the CORAS approach to model-driven risk analysis. The approach is demonstrated by a practical example based on a case study from the Air Traffic Management (ATM) domain.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU/SEI-2001-TR-016. Carnegie Mellon University (2004)
Ben-Gal, I.: Bayesian networks. In: Ruggeri, F., Kenett, R.S., Faltin, F.W. (eds.) Encyclopedia of Statistics in Quality and Reliability. John Wiley & Sons, Chichester (2007)
Brændeland, G., Refsdal, A., Stølen, K.: Modular analysis and modelling of risk scenarios with dependencies. J. Syst. Softw. 83(10), 1995–2013 (2010)
Dudely, R.M.: Real analysis and probability. Cambridge Studies in Advanced Mathematics, Cambridge (2002)
EUROCONTROL: EUROCONTROL safety regulatory requirements (ESARR) 4 – Risk assessment and mitigation (2001)
EUROCONTROL: Air Traffic Management Strategy for the years 2000+. vol. 1,2 (2003)
EUROCONTROL: ESARR advisory material/Guidance document (EAM 2/ GUI 5) – Harmonisation of safety occurrences severity and risk assessment (2005)
Fenton, N., Neil, M.: Combining evidence in risk analysis using Bayesian networks. Agena White Paper W0704/01, Agena (2004)
Goel, S., Chen, V.: Can business process reengineering lead to security vulnerabilities: Analyzing the reengineered process. Int. J. Prod. Econ. 115(1), 104–112 (2008)
Haugen, Ø., Husa, K.E., Runde, R.K., Stølen, K.: STAIRS towards formal design with sequence diagrams. Softw. Syst. Modeling 4(4), 355–367 (2005)
Howard, R.A.: Dynamic Probabilistic Systems. Markov Models, vol. I. John Wiley & Sons, Chichester (1971)
Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for IT risk management. In: Information Security South Africa Conference, ISSA 2006 (2006)
International Electrotechnical Commission: IEC 61025 Fault Tree Analysis (FTA) (1990)
International Electrotechnical Commission: IEC 60300-9 Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems - Event Tree Analysis (ETA) (1995)
International Organization for Standardization: ISO 31000 Risk management – Principles and guidelines (2009)
Lee, E., Park, Y., Shin, J.G.: Large engineering project risk management using a Bayesian belief network. Expert Syst. Appl. 36(3), 5880–5887 (2009)
Lund, M.S., et al.: SecureChange Deliverable D5.3 Assessment method (2011), http://www.securechange.eu/sites/default/files/deliverables/D5.3.Assessment~Methods.pdf
Lund, M.S., den Braber, F., Stølen, K.: Maintaining results from security assessments. In: 7th European Conference on Software Maintenance and Reengineering (CSMR 2003), pp. 341–350. IEEE Computer Society, Los Alamitos (2003)
Lund, M.S., Solhaug, B., Stølen, K.: Evolution in relation to risk and trust management. Comput. 43(5), 49–55 (2010)
Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis – The CORAS Approach. Springer, Heidelberg (2011)
Nielsen, D.S.: The cause/consequence diagram method as basis for quantitative accident analysis. Technical report RISO-M-1374, Danish Atomic Energy Commission (1971)
Object Management Group: Unified Modeling Language: Superstructure, version 2.1.1 (non-change bar). OMG Document: formal/2007-02-05 (2005)
Refsdal, A., Stølen, K.: Employing key indicators to provide a dynamic risk picture with a notion of confidence. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds.) IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol. 300, pp. 215–233. Springer, Heidelberg (2009)
Robinson, R.M., Anderson, K., Browning, B., Francis, G., Kanga, M., Millen, T., Tillman, C.: Risk and Reliability – An Introductory Text. R2A, 5th edn (2001)
Schneider, S.: Attack trees: Modeling security threats. Dr. Dobb’s J. 24, 21–29 (1999)
SESAR Consortium: The ATM Target Concept. SESAR Definition Phase - Deliverable 3 (2007)
Sherer, S.A.: Using risk analysis to manage software maintenance. J. Softw. Maint.: Res. Pract. 9(6), 345–364 (1997)
Sindre, G., Opdahl, A.L.: Eliciting security requirements by misuse cases. In: 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS Pacific 2000), pp. 120–131. IEEE Computer Society, Los Alamitos (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Lund, M.S., Solhaug, B., Stølen, K. (2011). Risk Analysis of Changing and Evolving Systems Using CORAS. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design VI. FOSAD 2011. Lecture Notes in Computer Science, vol 6858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23082-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-23082-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23081-3
Online ISBN: 978-3-642-23082-0
eBook Packages: Computer ScienceComputer Science (R0)