Sammendrag
An Evaluation of CORAS
By Jenny B. Hougen
The goal of the research was to continue the research of CORAS with the purpose of evaluate and improve the CORAS framework. The research consisted of two main investigations:
„P Investigate parts of the CORAS framework
„P Investigate organisations use and need of IT-security standards
In order to limit the research there were created thesis success criteria. The main purpose of this research was to evaluate these success criteria. To be able to answer the success criteria a number of hypotheses were formulated. This paper has given an account for the evaluation of these hypotheses and a discussion of whether the thesis success criteria are fulfilled. The hypotheses were compared with evidence from two investigations:
„P A field trial in the Agresso organisation: A full security analysis of industrial scale was accomplished in the Agresso organisation. During the analysis results were collected.
„P An IT-security standards survey: Twenty organisations answered a questionnaire about their relations to IT-security standards