Title: The CORAS approach for model-based risk analysis applied to the telemedicine domain
1 The CORAS approach for model-based risk analysis applied to the telemedicine domain
- Nortelemed, Tromsø
- 1 October 2002
- Eva Henriksen, Norwegian Centre for Telemedicine
2 CORAS is ...
- a European R&D project within the 5th framework program
- with 11 partners from industry and R&D
- from 4 countries
The Consortium
The CORAS consortium consists of
- three commercial companies: Intracom (Greece), Solinet (Germany) and Telenor (Norway)
- seven research institutes: CLRC/RAL (UK), CTI (Greece), FORTH (Greece), IFE (Norway), NCT (Norway), NR (Norway) and SINTEF (Norway)
- one university college: Queen Mary University of London (UK)
3 Main objectives
- To develop a practical framework for a precise, unambiguous and efficient risk analysis of security critical systems, by combining
  - methods for risk analysis
  - semiformal description methods (object-oriented modelling)
  - computerised tools
- To apply the framework in security critical application domains
  - Telemedicine
  - E-commerce
- To assess the applicability, usability, and efficiency of the framework
4 The telemedicine trial
- Targets: Two telemedicine pilot services in Crete
  - ATTRACT: a video-conference service for remote follow-up of asthmatic children.
  - TeleCardiology: a web-based service for GP-to-specialist tele-consultation in the case of patients with acute heart problems.
- Both services make use of HYGEIAnet, the regional healthcare network of Crete, connecting
  - 4 regional hospitals
  - 21 primary health care centres and community doctors
5 The CORAS Risk Management Process
6 The CORAS Risk Management Process
7 Sub-process 1: Context Identification
- Preparatory work before risk assessment meeting
  - Identify areas of relevance
  - Identify and value assets
  - Identify security requirements/policies
  - Determine risk evaluation criteria
- During risk assessment meeting
  - Walk-through / Approval
8 The ATTRACT Service
Sub-process 1: Context Identification - System description
9 The ATTRACT Service
Sub-process 1: Context Identification - System description
10 The TeleCardiology Service
Sub-process 1: Context Identification - System description
[Figure labels: Collaboration infrastructure WebOnCOLL; General Practitioner in Remote healthcare Center; Medical Specialists at the Teleconsultation Center; Creation of Teleconsultation Folder; Selection of specialist]
11 The TeleCardiology service
Sub-process 1: Context Identification - System description
12 Sub-process 1: Context Identification - System description
The TeleCardiology service
[Figure labels: Health Care Professional; Clinical Information System; Collaboration Manager]
13 Sub-process 1: Context Identification - SWOT
14 Sub-process 1: Context Identification - Assets
15 Sub-process 1: Context Identification - Security requirements
16 The CORAS Risk Management Process
17 Sub-process 2: Risk Identification
- Identify threats to assets
- Identify vulnerabilities of assets
- Describe unwanted incidents
18 Sub-process 2: Risk Identification - Identify threats, vulnerabilities and unwanted incidents
19 Sub-process 2: Risk Identification - Identify threats, vulnerabilities and unwanted incidents
FTA (Fault Tree Analysis)
[Fault tree figure. Node labels: Local Network failure; Misconfiguration of networking devices; Power failures (LAN equipment); Misconfiguration of network settings at PC; Disconnection of cables; Malicious person that has access to network devices; Administrator of network devices (by mistake); Malicious person that has access to PC; PC user (by mistake)]
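An added example, not part of the original slides, showing how a fault tree like the one on this slide can be evaluated and used to decide which cause to treat first. The node labels are the slide's; the OR gates, the parent/child links and the yearly probabilities are assumptions constructed for illustration.

```python
from itertools import product
from math import prod

TOP = "Local Network failure"
# Node labels come from the slide; gate types and parent/child links are assumed.
TREE = {
    TOP: ("OR", ["Misconfiguration of networking devices",
                 "Power failures (LAN equipment)",
                 "Misconfiguration of network settings at PC",
                 "Disconnection of cables"]),
    "Misconfiguration of networking devices": ("OR", [
        "Malicious person that has access to network devices",
        "Administrator of network devices (by mistake)"]),
    "Misconfiguration of network settings at PC": ("OR", [
        "Malicious person that has access to PC",
        "PC user (by mistake)"]),
}
# Constructed yearly probabilities for the basic events (not from the trial).
P = {
    "Malicious person that has access to network devices": 0.01,
    "Administrator of network devices (by mistake)": 0.05,
    "Power failures (LAN equipment)": 0.10,
    "Malicious person that has access to PC": 0.02,
    "PC user (by mistake)": 0.20,
    "Disconnection of cables": 0.03,
}

def minimal_cut_sets(node, tree=TREE):
    """Smallest sets of basic events that are enough to cause `node`."""
    if node not in tree:                      # basic event (leaf)
        return {frozenset([node])}
    gate, children = tree[node]
    parts = [minimal_cut_sets(c, tree) for c in children]
    if gate == "OR":                          # any child alone suffices
        sets = set().union(*parts)
    else:                                     # AND: one cut set from every child
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in sets if not any(t < s for t in sets)}  # drop supersets

def probability(node, p=P, tree=TREE):
    """Probability of `node`; exact if basic events are independent and not shared."""
    if node not in tree:
        return p[node]
    gate, children = tree[node]
    probs = [probability(c, p, tree) for c in children]
    return prod(probs) if gate == "AND" else 1 - prod(1 - q for q in probs)

def treatment_ranking(top=TOP, p=P, tree=TREE):
    """Rank basic events by how much eliminating each lowers the top-event probability."""
    base = probability(top, p, tree)
    gain = {e: base - probability(top, {**p, e: 0.0}, tree) for e in p}
    return sorted(gain, key=gain.get, reverse=True)
```

With these assumed numbers every basic event is a single-event cut set, so the ranking from `treatment_ranking()` indicates where a reduction of likelihood has the most effect on the top event.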
20 The CORAS Risk Management Process
21 Sub-process 3: Risk Analysis
- Consequence evaluation
- Likelihood/Frequency evaluation
22 Sub-process 3: Risk Analysis - Determine consequence
Examples of consequence definitions
23 Sub-process 3: Risk Analysis - Determine likelihood
Examples of likelihood definitions
24 The CORAS Risk Management Process
25 Sub-process 4: Risk Evaluation
- Determine level of risk
- Prioritise risks
- Categorise risks
- Determine interrelationships among risk themes
- Prioritise the resulting risk themes and risks
26 Sub-process 4: Risk Evaluation - Determine level of risk
27 Sub-process 4: Risk Evaluation - Categorise risks
- Examples of risk categorisation groups
  - Protection of human life and people's safety
  - Integrity of medical data
  - Prevention from unauthorized use of the service
  - Reputation of the stakeholders
  - Network availability
  - Software availability
  - Medical expert availability
  - Room and equipment availability
  - Power availability
  - Technical support availability
28 The CORAS Risk Management Process
29 Sub-process 5: Risk Treatment
- Identify treatment options
- Assess alternative treatment approaches
30 Sub-process 5: Risk Treatment - Identify treatment options
- Possible treatment options
  - Changes to security requirements
  - Changes to security policies, for example policies for change of passwords
  - Changes to system architecture
  - Strategies for testing
  - Strategies for monitoring
- Possible approaches
  - a) Risk avoidance
  - b) Reduction of likelihood
  - c) Reduction of consequence
  - d) Risk transfer
  - e) Risk retention
31 The CORAS Risk Management Process
32 Communicate and consult
- Provide stakeholders with risk assessment report and recommendations with respect to treatment
- Main results of the CORAS Risk Management Process
  - Risk assessment report
  - A collection of easily retrievable and reusable documentation of all identified stakeholders, assets, threats, vulnerabilities, unwanted incidents, risks, risk themes, treatment options and proposed treatment actions related to the target of assessment (in the CORAS repository)
  - UML models of system descriptions relevant for the risk assessment and results
33 Effort spent by medical doctors
- For each participating doctor
  - 2 preparatory meetings (2 hrs each)
    - introduction to the CORAS risk management process
    - discussions about models and functionality of the service
    - identification and definition of levels of likelihood, consequence and risk
  - 12 one-day risk assessment meetings
    - identify threats
    - identify consequences and likelihoods
  - 1 wrap-up meeting (1 hr)
    - discussing preliminary results
34 Feedback from doctors
- Easy to take part, easy to understand.
- The risk assessment process helped us to increase our knowledge of the potential security threats of the service.
- The risk assessment process made us aware of some vulnerabilities we should address.
- The risk assessment process made us aware of possible security threats and vulnerabilities at the other side.