Risk analysis in practice

Ketil Stølen, Bjørnar Solhaug and Mass Soldal Lund: Model-Driven Risk Analysis – The CORAS Approach

Publishing House: Springer Verlag, 2011

The authors believe that exposure to risk through hacking and leaks from data networks is inevitable in modern society, not only for individuals, but also for industry, commerce and the public sector. Current ISO security and risk analysis standards offer data-security managers in the public and private sectors a framework for analysing and dealing with risk, but say nothing about how this can be done in practice.

This book deals with risk analysis, which in turn is a matter of identifying and dealing with data-security risks. The book describes methods, risk-modelling techniques, guidelines and tools for performing risk analyses, and for updating and maintaining the results of such analyses over time. The CORAS software package is free and can be obtained by getting in touch with Ketil Stølen at http://coras.sourceforge.net/