The CORAS approach for model-based risk management applied to a telemedicine service.

The CORAS risk management process is based on the Australian standard for risk management and aims at improved methodology for precise, unambiguous, and efficient risk assessment of security critical systems. CORAS addresses security critical systems in general, but places particular emphasis on IT security. For CORAS, a system is not just technology, but also the humans interacting with the technology and all relevant aspects of the surrounding organisation and society.