The CORAS Language – why it is designed the way it is

B. Solhaug and K. Stølen
CORAS [6] is an approach to risk analysis based on the ISO 31000 international standard on risk management [4]. The approach is model-driven in the sense that graphical models are actively used throughout the whole risk analysis process to support the various analysis tasks and activities, and to document the results. It is defensive, which means that the risk analysis is concerned with protecting existing assets, rather than balancing potential gain against risk of investment loss (as, for…
Security risk analysis of system changes exemplified within the oil and gas domain
Development of Tool Support within the Domain of Risk-Driven Security Testing
CORAL: A Model-Based Approach to Risk-Driven Security Testing
Risk Assessment Based on CORAS and Fuzzy logic
The Trouble with Security Requirements
  • Sven Türpe
  • Engineering, Computer Science
  • 2017 IEEE 25th International Requirements Engineering Conference (RE)
  • 2017
Supporting ISO 27001 Establishment with CORAS
Pattern and Security Requirements


Model-Driven Risk Analysis - The CORAS Approach
Risk Analysis of Changing and Evolving Systems Using CORAS
Model-driven risk analysis of evolving critical infrastructures
A graphical approach to risk identification, motivated by empirical investigations
Modular analysis and modelling of risk scenarios with dependencies
Business Process Model and Notation - BPMN
Uncertainty in fault tree analysis: A fuzzy approach
Fuzzy fault tree analysis
  • D. Weber
  • Computer Science
  • Proceedings of 1994 IEEE 3rd International Fuzzy Systems Conference
  • 1994