Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

CORAS has 11 partners

advertisement 
CORAS
has 11 partners
Computer Technology Institute
Research & Development Unit 1
CORAS is committed to supporting international industry and academic
collaborations both in its core R&D and its application domain areas.
We are actively seeking opportunities for cooperation with technology
providers, system owners and end-user organisations within the
application domains of e-commerce and telemedicine. Government and
business end-users or platform providers can take advantage of the
CORAS technology in order to give their mission critical risk
assessment a more competitive edge. Co-operation with technology
providers would enable all parties concerned to benefit from the
further development of the CORAS tools and methods.
Please contact us
Ketil Stølen
SINTEF Telecom and Informatics
ketil.stoelen@sintef.no
Tony Price
Telenor Research and Development
price@transtrad.com
http://www.nr.no/coras
Why Risk Assessment?
Because …
CORAS in Telemedicine
CORAS is being applied to the regional
health network HYGEIAnet that links hospitals
and public health centres in Crete. CORAS
provides the security assessment of the
Cretan health care structure that consists of
a number of geographically separated health
care centres in a hierarchical organization,
and offers a process of identification and
assessment of potential solutions.
WHY RISK ASSESSMENT?
Today’s systems are becoming ever more complex. Tele-medicine demands
high speed but secure transfer of personal information.
E-Business requires customer confidence.
Internet
2 Mbps link
512 Kbps link
384 Kbps link
256 Kbps link
128 Kbps link
Hania
Vamos
Kissamos
E.K.A.B.
Rethymnon
Heraklion
Ahlada
Culf of Malia
Neapoli
Perama
Spili
Agios
Nikolaos
Sitia
Arhanes
Arkalohori
Tzermiado
Ziros
Agia
Vassilios
Makrigialos
Varvara harakas
Iearapetra
Mires
The model-based approach improves the quality and effectiveness of the risk
assessment process by facilitating precision, communication and interaction
between stakeholders and reduces maintenance costs by increasing the
possibilities for reuse.
Gavdos
Regional Hospital
District Hospital
Primary Health
Centre (PHC)
Community Doctor
Office
CORAS is being applied to the electronic
retail market subsystem of an e-commerce
platform, developed in another European
Union IST project. The security assessments
focus on the user authentication mechanism,
the secure payment mechanism and on the
use of software agents for accomplishing
specialised purchasing tasks, offering a
process for identifying and assessing potential
solutions.
The CORAS Platform
Commercial
modelling
tools
CORAS & THE MODEL-BASED APPROACH
XSL
XML/XMI
internal representation
XSL
Commercial
risk analysis
tools
Personalised
Store Visualiser
The model-based approach provides a uniform, streamlined approach for each stage
in a risk assessment project, from context identification, through risk assessment,
analysis and treatment to presentation of the results.
Virtual Shopping
Operator
Shopping
Recommender
XSL
HAS CORAS ALREADY BEEN APPLIED?
Online Sales
Negotiator
Consumer &
Product Information
Yes! The CORAS framework has already been successfully applied in pilot
Field Trials in the important areas of Tele-Medicine and
e-Commerce.
Commercial vulnerability
and treat management tools
CORAS - The Technology
CORAS delivers a tool-supported framework
whose important components are:
A model-based risk assessment methodology
integrating techniques and features
from partly complementary risk assessment
methods as well as patterns and methodology
for UML (Unified Modelling Language) oriented
modelling.
A risk documentation framework based
on the ISO standard RM-ODP
(Reference Model for Open Distributed
Processing).
A risk management process based on the
international security risk management
standards AS/NZS 4360 and ISO/IEC 17799.
An integrated risk management and systems
development process based on the UP (Unified
Process) for information systems development,
and integrating several complementary widely
applicable risk assessment methods.
A platform for tool-inclusion based on XML
(eXtensible Markup Language) technology.
Zakros
CORAS in E-Commerce
WHY MODEL-BASED RISK ASSESSMENT?
XML tools providing
basic functionality
Palekastro
Kasteli
WHO BENEFITS FROM CORAS?
The Application Owner - CORAS provides more reliable assessment results at reduced costs.
The Risk Analyst - CORAS improves the effectiveness of risk assessment by integrating widely used risk
assessment techniques into a single tool-supported framework.
The System Designer - CORAS facilitates the early discovery of vunerabilities and supports the tracing
of the causes of security faults
Related documents
Model-based Risk Analysis of Security Critical Systems
Model-based Risk Analysis of Security Critical Systems
The CORAS Rationale The risk management process
The CORAS Rationale The risk management process
CORAS Integration Platform About Coras Platform
CORAS Integration Platform About Coras Platform
Testsprioritation
Testsprioritation
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
Experiences from using model-based risk assessment to evaluate
Experiences from using model-based risk assessment to evaluate
How to Analyze Security with Respect to Change Mass Soldal Lund
How to Analyze Security with Respect to Change Mass Soldal Lund
The CORAS Tool for Security Risk Analysis
The CORAS Tool for Security Risk Analysis
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
0RGHOEDVHGULVNDVVHVVPHQW±WKH&25$6DSSURDFK
0RGHOEDVHGULVNDVVHVVPHQW±WKH&25$6DSSURDFK
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
The CORAS approach for model-based risk management applied to a telemedicine service
The CORAS approach for model-based risk management applied to a telemedicine service
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
Part II: Example-Driven Walkthrough of the CORAS Method
Part II: Example-Driven Walkthrough of the CORAS Method
Model-Driven Risk Analysis: the CORAS Approach
Model-Driven Risk Analysis: the CORAS Approach
Model-Driven Risk Analysis: the CORAS Approach
Model-Driven Risk Analysis: the CORAS Approach
The CORAS Framework for a Model-Based Risk Management Process
The CORAS Framework for a Model-Based Risk Management Process
Evaluating the Compatibility of a Tool to Support E-Businesses’ Security Negotiations
Evaluating the Compatibility of a Tool to Support E-Businesses’ Security Negotiations
Model based Security Risk Analysis for Web Applications: The CORAS approach
Model based Security Risk Analysis for Web Applications: The CORAS approach
Model-based Risk Assessment to Improve Enterprise Security
Model-based Risk Assessment to Improve Enterprise Security
Download
advertisement