“…A broad range of methods and techniques already exist for both safety and security analysis. Examples of safety techniques are Functional Hazard Assessment (FHA) (Eurocontrol, 2004), Preliminary Hazard Analysis (PHA) (Ericson, 2005), HAZard and OPerability (HAZOP) (Ericson, 2005, Winther el al., 2001, Failure Mode and Effect Analysis (FMEA) (Stamatis, 1995), Fault Tree Analysis (FTA) (Ericson, 2005), Event Tree Analysis (ETA) (Ericson, 1999;, and Boolean-logic Driven Markov Processes (BDMP) that models malicious and accidental scenarios in a tree structure (Pietre-Cambacedes & Bouissou, 2010). Examples of security techniques are attack trees (Schneier, 1999;2000), threat trees (Amoroso, 1994), various adaptations of UML (Rodriguez et al, 2006, Jurjens, 2002, Lodderstedt et al, 2002, abuse cases (McDermott & Fox, 1999), misuse cases (Sindre & Opdahl, 2000;, security policies (Anton & Earp, 2000), KAOS with anti-goals (Dardenne et al, 1993;van Lamsweerde, 2000;van Lamsweerde & Letier, 2004), extensions of i* (Liu et al 2003;Elahi, 2012), Secure Tropos (Mouratidis et al, 2005;2007;Massacci & Zannone, 2006), abuse frames (Lin et al, 2003;2004), security patterns (Schumacher et al, 2005) and risk-based elicitation of security requirements (Matulevicius et al, 2008;Herrmann et al, 2011).…”