CAIRIS

Overview

Risks are defined as the detriment arising from an attacker launching an attack, in the form of a threat, exploiting a system weakness, in the form of a vulnerability. Associated with each risk is a Misuse Case. A Misuse Case describes how the attacker (or attackers) behind the risk’s threat exploits the risk’s vulnerability to realise the risk.

The current status of Risk Analysis can be quickly ascertained by viewing the Risk Analysis model. This displays the current risks, the artifacts contributing to the risk, and the artifacts which potentially mitigate it.

Adding, updating, and deleting a risk

(Figure: Risk dialog)

(Figure: Misuse Case dialog)

Risk Analysis model

Risk Analysis models can be viewed by clicking on the Risk Analysis Model toolbar button, and selecting the environment whose model should be viewed.

(Figure: Risk Analysis model)

By changing the environment name in the environment combo box, the risk analysis model for a different environment can be viewed. The layout of the model can also be changed by selecting a layout option in the Layout combo box at the foot of the model viewer window.

By clicking on a model element, information about that artifact can be viewed.

The risk analysis model can also be filtered by artifact type and by artifact name. Filtering by type displays only the artifacts of the filtered type, and their directly associated assets. Filtering by artifact name displays only the filtered artifact, and its directly associated artifacts.
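The relationships described on this page (a risk realised by a threat exploiting a vulnerability, its Misuse Case, the artifacts that contribute to or mitigate it, and the two filters on the model view) can be made concrete with a small graph. The following is an added, constructed example and is not CAIRIS code or its API: the `RiskAnalysisModel` class, the `ARTIFACT_TYPES` set and the sample artifacts (an asset "Customer records", a threat, a vulnerability, a risk and a countermeasure) are all assumptions made for illustration. It treats every association as undirected, which is enough to reproduce the "filtered artifact plus its direct neighbours" behaviour of the two filters.

```python
"""Constructed toy model of a per-environment risk analysis graph (not CAIRIS code)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed artifact kinds; chosen for this example, not a CAIRIS enumeration.
ARTIFACT_TYPES = {"asset", "threat", "vulnerability", "risk", "misuse_case", "countermeasure"}


@dataclass(frozen=True)
class Artifact:
    name: str
    kind: str


@dataclass
class RiskAnalysisModel:
    """Artifacts of one environment plus their direct associations."""
    environment: str
    artifacts: dict = field(default_factory=dict)
    edges: defaultdict = field(default_factory=lambda: defaultdict(set))

    def add(self, name, kind):
        if kind not in ARTIFACT_TYPES:
            raise ValueError(f"unknown artifact type: {kind}")
        if name in self.artifacts:
            raise ValueError(f"artifact already exists: {name}")
        self.artifacts[name] = Artifact(name, kind)
        return self.artifacts[name]

    def associate(self, a, b):
        """Record an undirected association between two existing artifacts."""
        for n in (a, b):
            if n not in self.artifacts:
                raise KeyError(f"unknown artifact: {n}")
        self.edges[a].add(b)
        self.edges[b].add(a)

    def _expect(self, name, kind):
        if name not in self.artifacts or self.artifacts[name].kind != kind:
            raise ValueError(f"{name!r} is not an existing {kind}")

    def add_risk(self, name, threat, vulnerability, misuse_case):
        """A risk is a threat exploiting a vulnerability; each risk carries one misuse case."""
        self._expect(threat, "threat")
        self._expect(vulnerability, "vulnerability")
        self.add(name, "risk")
        self.add(misuse_case, "misuse_case")
        for other in (threat, vulnerability, misuse_case):
            self.associate(name, other)

    def mitigate(self, countermeasure, risk):
        self._expect(countermeasure, "countermeasure")
        self._expect(risk, "risk")
        self.associate(countermeasure, risk)

    def delete(self, name):
        """Remove an artifact and its associations; a risk takes its misuse case with it."""
        if name not in self.artifacts:
            raise KeyError(f"unknown artifact: {name}")
        dependants = [n for n in self.edges[name]
                      if self.artifacts[name].kind == "risk"
                      and self.artifacts[n].kind == "misuse_case"]
        for neighbour in self.edges.pop(name, set()):
            self.edges[neighbour].discard(name)
        del self.artifacts[name]
        for d in dependants:
            self.delete(d)

    def risk_summary(self, risk):
        """Return (contributing artifacts, mitigating artifacts) for one risk."""
        self._expect(risk, "risk")
        contributors = {n for n in self.edges[risk]
                        if self.artifacts[n].kind in ("threat", "vulnerability")}
        mitigators = {n for n in self.edges[risk]
                      if self.artifacts[n].kind == "countermeasure"}
        return contributors, mitigators

    def filter_by_type(self, kind):
        """Artifacts of the given type plus everything directly associated with them."""
        selected = {a.name for a in self.artifacts.values() if a.kind == kind}
        result = set(selected)
        for n in selected:
            result |= self.edges[n]
        return result

    def filter_by_name(self, name):
        """The named artifact plus its directly associated artifacts."""
        if name not in self.artifacts:
            raise KeyError(f"unknown artifact: {name}")
        return {name} | set(self.edges[name])


def build_example_model():
    """Constructed sample data for one environment."""
    m = RiskAnalysisModel(environment="Production")
    m.add("Customer records", "asset")
    m.add("Credential stuffing", "threat")
    m.add("No login rate limiting", "vulnerability")
    m.associate("Credential stuffing", "Customer records")
    m.associate("No login rate limiting", "Customer records")
    m.add_risk("Account takeover", "Credential stuffing", "No login rate limiting",
               "Attacker replays leaked credentials")
    m.add("Login rate limiting", "countermeasure")
    m.mitigate("Login rate limiting", "Account takeover")
    return m


if __name__ == "__main__":
    model = build_example_model()
    print(sorted(model.filter_by_type("risk")))
    print(sorted(model.filter_by_name("Customer records")))
```

Filtering by the type "risk" yields the risk, its threat, vulnerability, misuse case and countermeasure; filtering by the asset's name yields the asset together with the threat and vulnerability attached to it, which matches the two filter behaviours described above.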