Chingwoei Gan - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Chingwoei Gan

Description:

... security-critical tele-cardiology service (ECG and other sensitive medical data) ... XML-driven web-based graphical user interfaces allow for access to ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 12
Provided by: bjrnax
Category:

less

Transcript and Presenter's Notes

Title: Chingwoei Gan


1
  • Chingwoei Gan
  • CORAS Platform Developer
  • Regensburg, September 23, 2002

2
  • A Guided Tourof CORAS Model-based Risk Analysis
    using the CORAS Platform
  • Highlights
  • Demonstration of tool-supported integration of
    modeling technique and the risk analysis process
  • Applied to security-critical tele-cardiology
    service (ECG and other sensitive medical data)
  • Using the CORAS platform, commercial CASE
    (rational Rose), table tools (MS Access XP)

3
CORAS Platform
  • CORAS platform the computerized part of the
    CORAS framework is used to support model-based
    risk assessment
  • Two sub-repositories
  • Reusable Element Repository (storing reusable
    elements - diagrams, tables templates,
    documentations)
  • Assessment Repository (storing instantiated and
    extended reusable elements)
  • XML-driven web-based graphical user interfaces
    allow for access to the CORAS repository

4
CORAS Risk Management Process
5
CORAS Risk Management Process
  • Each sub-process is further divided into varying
    activities
  • For each activity there are guidelines on how to
    perform the activity

6
CORAS Platform How it works
  • Locate any reusable elements, such as table
    templates and guidelines
  • Identify query results that are relevant or
    useful for assessment

7
CORAS Platform How it works
  • Store useful elements in the Assessment
    Repository (AR) for further analysis and
    instantiations

Useful elements any UML diagrams, risk analysis
table templates or documentation (best practice,
guidelines etc.)
Ease of navigation
8
CORAS Platform How it works
  • Carry out CORAS risks analysis process and
    instantiate stored elements

UML model
  • SWOT Analysis Sub-activity
  • The objective of SWOT is to define relationship
    between the organization and its environment.
    SWOT is used to identify high-level strengths,
    weaknesses, opportunities and enterprise threats,
    and may indicate the general direction of the
    rest of the assessment.
  • Specification of the SWOT concern
  • A SWOT concern has three elements
  • A SWOT table
  • A Stakeholder table
  • A SWOT diagram
  • More Guidelines

Guidelines
Table templates
9
CORAS Platform How it works
  • Upload instantiated elements back into the
    Assessment Repository (AR) for future use

Web GUIs
Web Folder (WebDav)
10
Benefits
  • The CORAS platform is built on open-source
    technologies its FREE!
  • Inter-operate with existing tools (via XML)
  • CASE tools (Rational Rose, Objecteering)
  • Risk analysis tools (simple tool such as MS
    Access also works!)
  • Internet-enabled - highly portable
  • Last but not least it supports the CORAS
    framework

11
The CORAS Framework Model-based Risk Analysis
1
Identify the context
Identify Risks
2
Analyse Risks
3
likelihood
consequences
Estimate level of risk
Evaluate Risks
4
Yes
Assess Risks
5
No
Treat Risks
Write a Comment
User Comments (0)
About PowerShow.com