The idea of risk permeates the information security field. We use terms like ``risk management'', ``risk assessment'', ``risk model'' and ``risk analy...
The main objective of the CORAS project is to provide methods and tools for precise, unambiguous, and efficient risk assessment of security critical systems. To this end, we advoc...
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address th...
We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack ...
Improved computer security requires improvements in risk communication to naive end users. Efficacy of risk communication depends not only on the nature of the risk, but also on t...