This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis.
F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, and F. Vraalsen. Model-based security analysis in seven steps — a guided tour to the CORAS method. BT Technology Journal, 25(1):101–117, January 2007. doi:10.1007/s10550-007-0013-9.
@article{braber_modelbased_2007,
abstract = {This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.},
author = {den Braber, F. and Hogganvik, I. and Lund, M. S. and St\o{}len, K. and Vraalsen, F.},
doi = {10.1007/s10550-007-0013-9},
issn = {1358-3948, 1573-1995},
journal = {BT Technology Journal},
language = {en},
month = {January},
number = {1},
pages = {101-117},
title = {Model-Based Security Analysis in Seven Steps \textemdash{} a Guided Tour to the {{CORAS}} Method},
volume = {25},
year = {2007}
}