Risk analysis in practice
Ketil Stølen, Bjørnar Solhaug and Mass Soldal Lund: Model-Driven Risk Analysis – The CORAS Approach
Publishing House: Springer Verlag, 2011
The authors believe that exposure to risk through hacking and leaks from data networks is inevitable in modern society, not only for individuals, but also for industry, commerce and the public sector. Current ISO security and risk analysis standards offer data-security managers in the public and private sectors a framework for analysing and dealing with risk, but say nothing about how this can be done in practice.
This book deals with risk analysis, which in turn is a matter of identifying and dealing with data-security risks. The book describes methods, risk-modelling techniques, guidelines and tools for performing risk analyses, and for updating and maintaining the results of such analyses over time. The CORAS software package is free and can be obtained by getting in touch with Ketil Stølen at http://coras.sourceforge.net/