CORAS representation Sample Clauses

CORAS representation. The CORAS fragment is identical to Figure 22 presented in Section 7.5.1.
CORAS representation. A risk is the likelihood of an incident and its consequence for an asset. Hence, in order to assess the risk level, we need to assess the likelihood of the incident and its consequence for the asset in question. Figure 18 illustrates how a risk is represented in a CORAS threat diagram as a combination of an incident, an asset, and an 'impacts'-relation from the incident to the asset. Our naming convention is shown in 0. Notice that the square brackets are normally used to hold likelihood and consequence assessments. We have inserted the variable/node names to be used in the corresponding DEXi fragment, in order to make it easier to understand the connection.

Figure 18. CORAS fragment representing a risk
CORAS representation. Figure 21 shows a fragment of a CORAS diagram showing two nodes (threat scenarios S1 and S2) that may each lead to another node (threat scenario S3). This is represented by the 'leads-to' relation from each of S1 and S2 to S3. The likelihood of S3 thus depends on the likelihood of S1 and the conditional likelihood of an occurrence of S1 actually leading to an occurrence of S3, and similarly for S2. Notice that the diagram is meant to represent an example of a more general case, where one or more nodes may lead to another node. Moreover, even if all nodes in this particular fragment are threat scenarios, each of them could equally well have been replaced by an incident without having any impact on the reasoning presented here.

Figure 21. CORAS fragment representing incoming 'leads-to' relations

9.2.2 DEXi representation

Figure 22 shows a DEXi fragment corresponding to the CORAS fragment in Figure 21.

Figure 22. DEXi fragment representing incoming 'leads-to' relations

The root node (l_S3) represents the likelihood of S3. This has two direct sub-nodes, as it depends on the likelihood contribution from S1 (l_S1_to_S3) and the likelihood contribution from S2 (l_S2_to_S3). The likelihood contribution from S1 to S3 again has two direct sub-nodes, showing that it depends on the likelihood of S1 (l_S1) as well as the conditional likelihood of an occurrence of S1 actually leading to S3 (cl_S1_to_S3). Similarly, the likelihood contribution from S2 to S3 depends on the likelihood of S2 (l_S2) as well as the conditional likelihood of S2 leading to S3 (cl_S2_to_S3).

Figure 22 shows only one example, where there are two incoming branches to S3. In general, the number of direct sub-nodes to S3 will be equal to the number of incoming branches. However, it is important to avoid having too many incoming branches to a node, as this makes it hard to define the utility function. When using five-step scales as in the example, even three incoming branches would give 125 possible combinations. This can already be hard to handle, and more branches would be completely unfeasible. In such cases, we recommend restructuring the model, as further explained in the DEXi manual [1].

Observe that the nodes representing likelihoods of S1 and S2 occur at the bottom/leaf layer of the DEXi fragment in Figure 22. As these may again depend on incoming branches, the model allows any finite number of levels in the DEXi tree.
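The tree structure and the growth of the utility table described above can be sketched as follows. This is an added example, not code from the quoted document or from DEXi. The scale step names, the min/max aggregation rules and the size limit of 25 rows are assumptions chosen only for illustration; a real model defines each utility function row by row.

```python
from itertools import product

# Constructed five-step ordinal scale, lowest to highest (step names are assumptions).
SCALE = ["very low", "low", "medium", "high", "very high"]

class Node:
    """One attribute in a DEXi-style tree; a leaf has no children."""
    def __init__(self, name, children=(), rule=None):
        self.name, self.children, self.rule = name, list(children), rule

    def table_size(self):
        # A utility function needs one row per combination of child values.
        return len(SCALE) ** len(self.children) if self.children else 0

    def utility_table(self):
        # Enumerate every row explicitly, the way a utility table is filled in.
        combos = product(range(len(SCALE)), repeat=len(self.children))
        return {combo: self.rule(combo) for combo in combos}

    def evaluate(self, leaf_values):
        if not self.children:
            return SCALE.index(leaf_values[self.name])
        combo = tuple(c.evaluate(leaf_values) for c in self.children)
        return self.utility_table()[combo]

def build_fragment(sources, target="S3"):
    """Build the Figure 22 shape: one l_X_to_T branch per incoming 'leads-to'."""
    branches = [
        # Assumed rule: a contribution is no higher than its weaker input.
        Node(f"l_{s}_to_{target}",
             [Node(f"l_{s}"), Node(f"cl_{s}_to_{target}")], rule=min)
        for s in sources
    ]
    # Assumed rule: the target is as likely as its strongest contribution.
    return Node(f"l_{target}", branches, rule=max)

def oversized(node, limit=25):
    """List nodes whose utility table exceeds `limit` rows (limit is an assumption)."""
    found = [(node.name, node.table_size())] if node.table_size() > limit else []
    for child in node.children:
        found += oversized(child, limit)
    return found

def likelihood(root, leaf_values):
    return SCALE[root.evaluate(leaf_values)]

if __name__ == "__main__":
    root = build_fragment(["S1", "S2"])
    print(likelihood(root, {"l_S1": "high", "cl_S1_to_S3": "low",
                            "l_S2": "medium", "cl_S2_to_S3": "very high"}))
    print(oversized(build_fragment(["S1", "S2", "S4"])))
```

With a third incoming branch (S4 here is a constructed node name) the root table grows from 25 to 125 rows, which is the point at which the text recommends restructuring the model.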
CORAS representation. Indicators can be attached to a 'leads-to' relation from one node to another to show that the indicators are used as input for assessing the conditional likelihood of an occurrence of the source node leading to the target node. Normally, this is done by attaching the indicators to a vulnerability on the 'leads-to' relation, as the indicators typically say something about the presence or severity of the vulnerability. Figure 25 shows a fragment of a CORAS diagram where two indicators, I1 and I2, have been attached to a vulnerability on the 'leads-to' relation between two nodes.

Figure 25. CORAS fragment representing 'leads-to' relation with indicators

9.4.2 DEXi representation

Figure 26 shows a DEXi fragment corresponding to the CORAS fragment in Figure 25.

Figure 26. DEXi fragment representing 'leads-to' relation with indicators

The root node (cl_S1_to_S2) represents the conditional likelihood that an occurrence of the source node (S1) will lead to the target node (S2). Here, there is one direct sub-node to the root node for each attached indicator. Hence, the likelihood of the root node (cl_S1_to_S2) depends on these indicators. As for the case with indicators attached to a node, before the utility function of cl_S1_to_S2 can be defined, we have to define an ordered scale for each indicator. This is done in the same way as described in Section 9.3.
CORAS representation. The CORAS fragment is identical to Figure 13 presented in Section 7.1.1.
CORAS representation. Indicators can be attached to a node in order to show that the indicators are used as input for assessing the likelihood of the node. Figure 18 shows a fragment of a CORAS diagram where two indicators, I1 and I2, have been attached to a node S1. The indicators are represented as 'notes', where the colour denotes the indicator type. However, the indicator type is not important for our purposes here, as they are all treated the same with respect to the guidelines.

Figure 18 CORAS fragment representing a node with attached indicators

Notice that in CORAS diagrams, a branch always starts with a threat initiating a node. However, we rarely assign likelihoods to the threats themselves or to the 'initiates' relation from a threat to a node, but rather to the node. Any indicators assigned to a threat or to an 'initiates' relation can therefore be handled as if they were assigned directly to the node, following the guidelines of this subsection.

7.3.2 DEXi representation

Figure 19 shows a DEXi fragment corresponding to the CORAS fragment in Figure 18.

Figure 19 DEXi fragment representing a node with attached indicators

Here, there is one direct sub-node (which is also a leaf-node, and hence shown as a triangle) to the root node for each attached indicator. Hence, the likelihood of the root node (l_S1) depends on these indicators. Before the utility function of l_S1 can be defined, an ordered scale has to be defined for each indicator. Although the indicators do not necessarily represent a likelihood, we make sure to define the scale such that a low value implies a low risk contribution. For example, assume that a threat scenario representing initiation of an HTTP Request/Response splitting is included in a risk model for client-server protocol manipulation. To this threat scenario, we attach the indicator 'Has any network reconnaissance attempt been detected in the past?' Since this is a yes/no question, the scale for the indicator only has two steps: Yes and No. A positive answer may indicate that someone has tried to prepare for an attack, and hence an increased likelihood. Therefore, for this indicator scale, the order from lowest to highest value would be No; Yes.

2 This restriction can, however, be lifted if we assume that one occurrence of the source node can lead to several occurrences of the target node.
CORAS representation. CORAS diagrams can be used to show risk mitigation options by attaching these to the different elements of a risk model. Figure 22 shows such a diagram.

Figure 22 CORAS fragment associated with mitigation proposal

Here, the mitigation option M1 is attached to threat scenario S1, indicating that implementing M1 will reduce the likelihood of S1, which could also reduce the likelihood of U1, and hence the associated risk.
CORAS representation. Indicators can be attached to a node in order to show that the indicators are used as input for assessing the likelihood of the node. Figure 23 shows a fragment of a CORAS diagram where two indicators, I1 and I2, have been attached to a node S1. The indicators are represented as 'notes', where the colour denotes the indicator type. However, the indicator type is not important for our purposes here, as they are all treated the same with respect to the guidelines.

2 This restriction can, however, be lifted if we assume that one occurrence of the source node can lead to several occurrences of the target node.
CORAS representation. CORAS diagrams can be used to show risk mitigation options by attaching these to the different elements of a risk model. Figure 27 shows such a diagram.
