CORAS is an approach to model-driven risk analysis that consists of three tightly integrated parts, namely the CORAS method, the CORAS language and the CORAS tool. The approach is based on established international standards and comes with practical guidelines and well-founded techniques for how to conduct risk analyses in practice. The various risk analysis tasks are supported by the CORAS language that provides customized techniques for risk identification, risk modeling and risk documentation. The CORAS tool provides computerized support throughout the whole risk analysis process. This talk will give an introduction to CORAS and exemplify its use in security risk analysis.