Tutorial 1

Date/Time: Monday, October 17th, 2011 9:00am - 12:00pm
Duration: 3 hours
Title: Analysing risk in practice: The CORAS approach to model-driven risk Analysis

Presenters: Dr. Atle Refsdal


The term “risk” is known from many fields. On an almost daily basis we face references to “contractual risk”, “economic risk”, “operational risk”, “environmental risk”, “health risk”, “political risk”, “legal risk”, “security risk”, and so forth. In order to identify and assess risks we may conduct risk analyses.

In this tutorial we present the CORAS approach, which is a self-contained risk analysis methodology and the first to be truly model-driven in the sense that modelling is an integrated part in every part of the process. The methodology is described in detail in the book Model-Driven Risk Analysis. The CORAS Approach, and has been validated through application in a large number of full-scale industrial analyses.

The goal of the tutorial is to give the audience an introduction to the basics of risk analysis and to introduce the audience to the CORAS method and language for model-driven risk analysis. The intended audience is anyone with an interest in software engineering, security and risk management. The tutorial should be suitable both for persons new to risk analysis, as well as people familiar with risk analysis that are interested in the model-driven approach.


Dr. Atle Refsdal is employed as a research scientist at SINTEF ICT. He received his PhD in informatics from the University of Oslo in 2008. He has done research on methods, languages and tools supporting risk analysis in European as well as national projects, and conducted a number of industrial security risk analyses over the last four years.

Last modified: 2011-09-29 23:33:23 EDT

ACM CCS 2011