Presentation is loading. Please wait.

Presentation is loading. Please wait.

Template for CORAS Risk Analysis. The eight steps of a CORAS risk analysis.

Published byNelson Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Template for CORAS Risk Analysis. The eight steps of a CORAS risk analysis."— Presentation transcript:

1 Template for CORAS Risk Analysis

2 The eight steps of a CORAS risk analysis

3 CORAS Palette Make the CORAS diagrams in the PPT slides by copy-and- paste from this palette

4 Step 1: Preparation for the analysis Objective: do the necessary initial preparations prior to the actual startup of the analysis Tasks: –Contact the customer for the case study –Roughly setting the scope and focus ►

5 Step 2: Customer presentation of the target Objective: achieve an initial understanding of the target of risk analysis Tasks: –Customer presentation on the target –Target to be understood by risk analysts –Set the focus of the analysis On the following blank slides you should add : –Description of the target: The overall goals of the analysis The target that wishes to have analyzed

6 Target of the Analysis

7 Step 3: Refining the target description using asset diagrams Objective: ensure a common and more precise understanding of the target analysis, including its scope, focus, and main assets Task: –The target is understood by the risk analysts –Identify the parties and assets –Conduct a high-level analysis: The first threats, vulnerabilities, threat scenarios and unwanted incidents are identified. On the following blank slides you should add : –Asset diagram –High-level analysis: preliminary list of Unwanted incidents

8 Asset Diagram

9 High Level Analysis Who/ What is the cause?How? What may happen? What does it harm? What makes this possible? ……….. …. …..

10 Step 4: Approval of the target description Objective: decide a ranking of the assets; establish scales for estimating risks and criteria for evaluate risks Tasks: –Define: Likelihood scale and its description Consequence scale for each direct asset –Risk function is determined –Agree on Risk evaluation criteria On the following blank slides you should add : –Likelihood and Consequence scales –Risk function –Risk evaluation criteria

11 Likelihood and Consequence Scale

12 Risk Function and Evaluation Criteria

13 Step 5: Risk Identification using Threat diagrams Objective: Identify and document risks through the identification and documentation of unwanted incidents, threats, threat scenarios and vulnerabilities Tasks: –Identify risk that might harm clients’ assets How a threat exploits a vulnerability to cause an unwanted incident that harms the client’s asset (proposed) Sub steps: –Identify Assets and Threats –Identify Unwanted Incidents –Identify Threat Scenarios –Identify Vulnerabilities On the following blank slides you should add : –Threat diagram

14 Threat Diagrams Create your threat diagrams in the following slides, one diagram per slide –Each diagram should be about one "topic" or "issue" –For example, one diagram can address e.g. one asset, one particular kind of threat, one particular part of the target, etc. Complete first the risk identification, i.e. create all diagrams without considering likelihoods and consequences Once the risk identification is completed, use the diagrams to proceed with the risk analysis The next slide gives a skeleton that can be used as a starting point

15

16

17 Step 6: Risk estimation using threat diagrams Objective: determine risk level of the identified risks Tasks: base on likelihood and consequence scale approved in Step 4 –Assign likelihood estimated for each Threat Scenario –Assign likelihood estimated for each Unwanted Incidents –Assign consequence caused by each Unwanted Incidents on each Asset (the consequence is denoted on “impact” relation On the following blank slides you should add : –Completed Threat diagrams with likelihood and consequences assigned

18 Threat Diagrams Create your Threat diagrams in the following slides Copy-and-past the threat diagrams from step 5 and document likelihood and consequences by annotating these diagrams

19

20

21 Step 7: Risk evaluation using Risk diagram Objective: decide which of the identified risks are acceptable and which must be further evaluated for possible treatment Tasks: –Evaluate the identified risks: Enter the risks into the Risk Function (from step 4) Evaluate which risks are acceptable and which are not –Summarize the risk picture by Risk Diagram On the following blank slides you should add : –Completed Risk Function –Risk Diagram with evaluation result

22 Risk Function

23 Risk Diagram

24 Table Summary of Risk Assessment AssetRiskLikelihoodConsequenceRisk level

25 Step 8: Risk treatment using Treatment diagram Objective: identify cost effective treatments for the unacceptable risks Task: –Identify Treatment Scenario for unacceptable risks: What can we do to reduce the risks to an acceptable (or monitor) level? –Create Treatment diagram –Summarize by Treatment Overview diagram –Evaluate treatment: estimate the cost-benefit of each treatment, and decide which ones to implement –Summarize the risks and treatments by filling in the overall summary table On the following blank slides you should add : –Treatment diagram (=Threat diagram with Treatment added) –Treatment Overview diagram –Treatment evaluation –Overall summary table

26 Treatment Diagrams Create your treatment diagrams in the following slides How: Copy-and-past the threat diagrams from step 6 and document treatments by annotating these diagrams Create your treatment overview diagrams in the following slides How: Copy-and-past the risk diagrams from step 7 and document treatments by annotating these diagrams

27 Treatment Diagrams

28 Treatment Overview Diagrams

29 Treatment Evaluation TreatmentCostRiskRisk reductionSelect to implement

30 Overall Summary In the group USB stick there is an Excel template of the summary table. Please, put the summary of the results of your analysis in the table and save it as.xlsx or.xls file.

Download ppt "Template for CORAS Risk Analysis. The eight steps of a CORAS risk analysis."

Similar presentations

Project management 9.200 Information systems for management1 Project Management.

Project management Information systems for management1 Project Management.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Model-Driven Risk Analysis The CORAS Approach

Model-Driven Risk Analysis The CORAS Approach
Chapter 2 Analyzing the Business Case.

Chapter 2 Analyzing the Business Case.
Risk Analysis & Management. Phases Initial Risk Assessment Risk Analysis Risk Management and Mitigation.

Risk Analysis & Management. Phases Initial Risk Assessment Risk Analysis Risk Management and Mitigation.
Modern Systems Analysis and Design Third Edition

Modern Systems Analysis and Design Third Edition
Copyright 2002 Prentice-Hall, Inc. Chapter 3 Managing the Information Systems Project 3.1 Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer.

Copyright 2002 Prentice-Hall, Inc. Chapter 3 Managing the Information Systems Project 3.1 Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer.
Part II: Example-Driven Walkthrough of the CORAS Method

Part II: Example-Driven Walkthrough of the CORAS Method
The Risk Management Process

The Risk Management Process
Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.

Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.
Chapter 4 After Green Light. After the Green Light Contractual Agreement Marketing Requirements Document (MRD) Project DefinitionBudget Project Approval.

Chapter 4 After Green Light. After the Green Light Contractual Agreement Marketing Requirements Document (MRD) Project DefinitionBudget Project Approval.
Part III: Change Management Ketil Stølen, SINTEF & UiO FOSAD 2011 1CORAS.

Part III: Change Management Ketil Stølen, SINTEF & UiO FOSAD CORAS.
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?
Project Management Phases Class 6. Initiation & Planning – Agenda Overview of the project management phases Midterm paper details.

Project Management Phases Class 6. Initiation & Planning – Agenda Overview of the project management phases Midterm paper details.
S/W Project Management

S/W Project Management
Software Project Management Lecture # 8. Outline Chapter 25 – Risk Management  What is Risk Management  Risk Management Strategies  Software Risks.

Software Project Management Lecture # 8. Outline Chapter 25 – Risk Management  What is Risk Management  Risk Management Strategies  Software Risks.
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
1 Our Expertise and Commitment – Driving your Success An Introduction to Transformation Offering November 18, 2013 Offices in Boston, New York and Northern.

1 Our Expertise and Commitment – Driving your Success An Introduction to Transformation Offering November 18, 2013 Offices in Boston, New York and Northern.
Lecture 32 Risk Management (Cont’d)

Lecture 32 Risk Management (Cont’d)
EARTO – working group on quality issues – 2 nd session 20.6.2011 Anneli Karttunen, Quality Manager VTT Technical Research Centre of Finland This presentation.

EARTO – working group on quality issues – 2 nd session Anneli Karttunen, Quality Manager VTT Technical Research Centre of Finland This presentation.

Similar presentations

Ads by Google