An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS

L. M. Tran, B. Solhaug, K. Stølen
Risk is unavoidable in business, and risk management is needed, among other things, to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its ability to mitigate risks, are factors that affect the selection. While many approaches have been proposed to perform risk analysis, there has been…
Security risk analysis of system changes exemplified within the oil and gas domain
When to Treat Security Risks with Cyber Insurance
  • P. H. Meland, Fredrik Seehusen
  • Computer Science, Business
  • 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
  • 2018
Divide and Conquer - Towards a Notion of Risk Model Encapsulation
Early Dealing with Evolving Risks in Long-Life Evolving Software Systems
  • L. M. Tran
  • Engineering, Computer Science
  • CAiSE Workshops
  • 2013
Network of Excellence Deliverable D10.4 Enhanced Methods for Risk and Cost Aware SDLC
ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Supporting ISO 27001 Establishment with CORAS
Pattern and Security Requirements


Security attribute evaluation method: a cost-benefit approach
  • S. Butler
  • Engineering, Computer Science
  • ICSE '02
  • 2002
Model-Driven Risk Analysis - The CORAS Approach
Risk Analysis and Security Countermeasure Selection
SP 800-30. Risk Management Guide for Information Technology Systems
Decision support for systems security investment
Risk Analysis of Changing and Evolving Systems Using CORAS
Risk analysis for Information Systems
Making Cost Effective Security Decision with Real Option Thinking
  • Jingyue Li, Xiaomeng Su
  • Business, Computer Science
  • International Conference on Software Engineering Advances (ICSEA 2007)
  • 2007
Modular analysis and modelling of risk scenarios with dependencies