Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

The CORAS Rationale The risk management process

advertisement 
The CORAS Rationale
Model-based risk assessment employs modelling technology
for three main purposes:
•To describe the target of assessment at the right level of
abstraction
•As a medium for communication and interaction between different
groups of stakeholders involved in risk assessment
•To document risk assessment results and the assumptions on
which these results depend
Identify Context
Graphical OOmodeling based
on UML
The CORAS Framework
The risk management process provides the core for the CORAS process from a
traditional risk analysis background. Combined with the risk documentation
framework this provides the basis for the development of the integrated risk
management and development process. The fourth anchor point represents the
CORAS platform, which is a tool that is interoperable with different other tools
from both the risk analysis field and the modelling world, providing a modelbased risk assessment product that can be used on either existing systems or
systems under development.
Documentation
af analysis
results and
assumptions
Model-based
risk assessment
Sub-process 1:
Context Identification
Security requirements
•Patient’s health
•Medical data
•Username&password
•Reputation of GP
•Medical Equipment
•Reputation of system
provider
•Server software
•Integrity of medical info
•Accountability (identification and
non-repudiation) of medical data
•Availability of service whenever it
is needed
•Confidentiality of the medical
information
•Prevention from damage of
equipment and software
Preparatory work,
performed by
medical experts
and
technical
developers
Integrated teleconsultation services in cardiology
Determine
consequence
Estimate level of risk
Evaluate Risks
yes
Treat Risks
For each risk (group of risks)
treatment approaches and
options
are described.
&$5',2/2*,67B0RELOH
*3B0RELOH
Determine
likelihood
no
General Practitioner in
Remote healthcare Center
Context models and descriptions
Analyse Risks
Accept Risks
Telemedicine in the CORAS project
Assets
Monitor and Review
Identify Risks
Communicate and Consult
Graphical
OO-models
as media
for
communication
Integrated risk
management
and
development
process
Model-based
risk assessment
methodology
Risk
management
process
Platform for toolinclusion based on
data integration
Precise input
at the right
level of
abstraction
Risk
assessment
The risk management process
The risk management process in CORAS is based on the AS/NZS:4360
standard. This standard divides the process into the five sub-processes
mentioned in the figure.
Risk
documentation
framework
0RELOH
0RE LOH
Sub-process 5:
Risk Treatment
Possible approaches
Possible treatment options
a) Risk avoidance
b) Reduction of likelihood
c) Reduction of consequence
d) Risk transfer
e) Risk retention
• Changes to security requirements
• Changes to security policies, for example policies
for change of passwords
• Changes to system architecture
• Strategies for testing
• Strategies for monitoring
Risk
Approach Treatment option Benefit
Cost
Lack of
power
supply
a)
Install UPS and
Power problems will not
generators everywhere have effect on the service
anywhere
Cost of UPS and
generator
b)
N/A
c)
Install UPS and gen.s
where needed
d)
N/A
e)
No treatment
Power problems will not
have effect on service at
places with UPS/gen.s
installed
Cost of UPS and
generator
No benefit
Maybe extra cost
due to delay
(OHFWURFDUGLRJUDSK
(&*
&$5',2/2*,67+HDOWK
*HQHUDO3UDFWLWLRQHU
1RWLILFDWLRQ
+HDOWK&DUH3URIIHVLRQDO
Sub-process 4:
Risk Evaluation
&DUH3URIIHVLRQDO
$JHQW
*3&OLQLFDO
&ROODERUDWLRQ
&$5',2/2*,67&OLQLFDO
,QIRUPDWLRQ6\VWHP
0 DQDJHU
,QIRUPDWLRQ6\VWHP
&ROO DERUDWLRQ&RQWH[W
Health Care Professional
Examples of risk categorisation groups:
• Protection of human life and people’s safety
• Integrity of Medical data
• Prevention from unauthorized use of the service
• Reputation of the stakeholders
• Network availability
• Medical expert availability
• Room and equipment availability
• Power availability
Collaboration infrastructure
WebOnCOLL
HSLVRGHBIROGHU
Clinical Information System
Collaboration Manager
The HCP has accessed
the Collaboration Context
reception
Ask the CIS to create a
New Clinical Document
archive
Provide
Doc_Templates
entry/ Get Doc_Template
Fills patient clinical
data and optionally
signs the document
Fill Template
Info
Get Confirmation
Message
Get Confirmation
Likelihood
Consequence Rare
Update Activity Log
Sub-process 2:
Risk Identification
HAZOP
FTA (Fault Tree Analysis)
Assets
Guidewords
Threats
Unwanted
Incidents
Consequence
description
27
Medical
data
Manipulation
Medical data is
changed in an
unauthorised manner
Medical data
changed while
transmitted to/from
server
May cause
wrong
advice/treatment
Medical data
changed while
stored on server
May cause
wrong
advice/treatment
53
68
Lack of power supply
at end points.
53
68
Major
27, 28
Risk level:
Treatment recommendations:
Extreme risk
Significant improvement of system security necessary
High risk
Senior management must consider if service can be
continued
Moderate risk
Specify management responsibility for monitoring the risks
Low risk
Risks can be managed by routine procedures
In order to facilitate risk treatment,
a categorisation/grouping of risks is performed.
Sub-process 3:
Risk Analysis
ID
Information on server
is unavailable
Almost
certain
Risk levels are determined by the combination of
consequence and likelihood.
The risk level for each unwanted incident
is plotted into the Risk Level Matrix.
Medical experts and technical developers
play the most important roles.
Unavailability
Likely
entry/Get Item
Results from preparatory work
presented in a walk-through
and used as background for
a brainstorming session,
identifying threats and unwanted incidents.
50
Possible
50
Moderate
Add Item to Context
exit/ Send Confirmation
28
Unlikely
Minor
Selection of
specialist
Autocomplete
Doc_Template
Send Document
to CM
Submit Clinical
Document
Risk level matrix
of the Teleconsultation
Center
Creation of
Teleconsultation
Folder
Select a Doc_Template
Medical Specialists
Information is
unavailable for
Cardiologist for
more than 5
minutes
A delay for the
Cardiologist
Information on
server is
permanently
unavailable
Information is
lost if insufficient
backup routines
Power supply goes TeleCardiology
down at PHCC
service cannot
be used
Examples of consequence values
Local Network
failure
Power failures
(LAN
equipment)
Misconfiguration
of network
settings at PC
Malicious person
that has access
to PC
PC user (by
mistake)
Misconfiguration
of networking
devices
Malicious person
that has access to
network devices
Disconnection
of cables
Administrator of
network devices
(by mistake)
Examples of likelihood definitions
Conseque Description
nce value
Likelihood
descriptor
Probability range
Minor
• Unavailability of hardware/software
that is possible to be bypassed.
Rare
0.00 – 0.01
Unlikely
0.02 – 0.05
Moderate
• Unavailability of the teleconsultation
service.
• Disclosure of patient data.
Possible
0.06 – 0.20
Likely
0.21 – 0.50
• Violation of the integrity of the medical
data that may cause problems to
patient’s life or stakeholder’s reputation
(legal and moral consequences)
•Unauthorised use of the system in
order to request/provide medical advice
(accountability).
Almost certain
0.51 – 1.00
Major
Values for consequence and likelihood
are assigned for each unwanted incident.
This is done by medical experts and
technical developers and in accordance
with definitions they have made.
Please contact
contact us
us
Please
KetilStølen
Stølen
Ketil
SINTEFTelecom
Telecomand
andInformatics
Informatics
SINTEF
ketil.stoelen@sintef.no
ketil.stoelen@sintef.no
TonyPrice
Price
Tony
TelenorResearch
Researchand
andDevelopment
Development
Telenor
price@transtrad.com
price@transtrad.com
Risk Assessment of Security Critical Systems
http://www.nr.no/coras
http://www.nr.no/coras
The Consortium
The CORAS consortium consists
of three commercial companies:
- Intracom (Greece),
- Solinet (Germany) and
- Telenor (Norway);
seven research institutes:
- CLRC/RAL (UK),
- CTI (Greece),
- FORTH (Greece),
- IFE (Norway),
- NST (Norway),
- NR (Norway) and
- SINTEF (Norway);
as well as one university college:
- Queen Mary University of
London (UK).
Related documents
Model-based Risk Analysis of Security Critical Systems
Model-based Risk Analysis of Security Critical Systems
Testsprioritation
Testsprioritation
CORAS Integration Platform About Coras Platform
CORAS Integration Platform About Coras Platform
Standardized Risk Management Terms, Based on ISO/IEC Guide 73
Standardized Risk Management Terms, Based on ISO/IEC Guide 73
Model-based Risk Assessment
Model-based Risk Assessment
Generic Risk Assessment
Generic Risk Assessment
CORAS has 11 partners
CORAS has 11 partners
Experiences from using model-based risk assessment to evaluate
Experiences from using model-based risk assessment to evaluate
Risk Assessment - Health, Safety and Emergency Management
Risk Assessment - Health, Safety and Emergency Management
Connector Words and Phrases
Connector Words and Phrases
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
Two Variable Risk Matrix Three Variable Risk Calculator
Two Variable Risk Matrix Three Variable Risk Calculator
Download
advertisement