Site

RW - Navigation

RW - Recent

Last 10 entries [comments]:

Forums

Last 10 posts [threads/views]:

Wiki

Last 10 pages updated:

There are 484 wiki pages in total.



RSS logoRSS Feed
 

The Residual World::Tag = 'Forum'

Entries that have been tagged with 'Forum'.-

Risk and Threats - The Common Ground Between Security and Safety?

by Nic Plum on Tuesday 10 April, 2012 - 21:25 GMT

Posted in Architecture FrameworkTRAK

Tags: def standefenceforumiso42010mil stdontologyrisksafetysecuritysolutionsourceforgestandardthreattrakviewviewpointvulnerability

TRAK Logo

This is something that has been bumbling around for some considerable time - safety and security. By that I whether there is something useful that an enterprise architecture view can be used for in the system safety and security disciplines.

On the face of it there is quite a bit of overlap. Both are ultimately concerned with risk inherent in a solution design which arises from threats (security) or hazards (safety). Both involve management with the aim to reduce the risk, threat or accident (safety) to an acceptable or tolerable target. I suspect also that security management also uses categories to classify acceptable severity or probability in much the same way that the various system safety management standards in defence do (MIL STD 882D, DEF STAN 00-56). Both also involve mitigation of risk by design - through structure, behaviour, or adherence to a normative process of some sort.

There are bound to be some differences, not the least of which is terminology. In the security area we seem to have constructs like:

  • Threat poses Risk
  • Threat exploits Vulnerability
  • design aka TRAK:Resource (System, Software, Organisation, Job or Role) exposed to Risk (and subsequently that Risk is mitigated by the (improved) Resource or Function (of that Resource)

In the safety area we seem to have constructs like:

  • Failure may present Hazard
  • Hazard can cause Accident
  • Accident poses Risk
  • Resource exhibits Failure

and attributes such as probability, impact, severity.

Anyway it seems sensible to open up the debate so I’ve posted some thoughts in the forums within the TRAK Viewpoints project site on Sourceforge. Something is definitely needed and my hunch is that there is so much overlap that it would be possible to create a Viewpoint that addresses the risk within a solution design. This may of course end up being two viewpoints depending on the concerns and therefore concepts (metamodel stereotypes) and relationships involved. What is needed is more debate and input from those involved with system safety and system security - hence the post. As ever with TRAK the objective is economy so that we have something that is just or barely adequate to describe the concerns and concepts involved and no more.

 

Comments

Comment on this article

Related Articles

    Sharing tags:

    Forums

    External Links

    Putting the Architectural Modelling Community First - What You Can Expect to See

    by Nic Plum on Saturday 02 January, 2010 - 14:03 GMT

    Posted in Site

    Tags: blogforumfunplansitestructurewiki

    This current site is really only a interim site. What is intended is a site that properly supports the folks using TRAK or other MDAF-based architecture frameworks and one which represents the ethos behind it:-

    • pragmatic - led by need and application - the human interface to the framework (usability, affordance etc.)
    • open - decisions, rationale, explanation
    • democratic - involve the community in the site content rather than broadcast top down what I/we think folks need. The centre of gravity ought to be with the users rather than the specifiers-of the framework
    • fun - why not? Systems thinkers/engineers and architects are real, dare I say it ‘whole’ people and all sides need to be addressed
    • dynamic - the content needs to be able to change and adapt to new circumstances, thinking or practice

    What You Might Expect

    The features that you should expect to see are:-

    • each section of the site is a ‘blog’
      • articles can be discussed and commented on by site members
      • updates notified by RSS news feeds
    • articles can be linked together, tagged, put into categories and dynamically sorted/displayed and searched for by users
    • discussion forums
      • tool support
      • use of architecture frameworks
      • modelling / repository organisation - not governed by frameworks but important and common to all
    • architects can submit examples of views to help others
    • wiki to hold facts on architecture frameworks e.g. metamodel elements, use of UML tools, tips, plugins etc.
    • single sign-on to comment, add a forum discussion or to add to the wiki
    • everyone can see everything - nothing hidden
      • only site members can contribute or comment - contributors and commenters recognised and stand up to the mark!
    • fun / anarchic humour
      • the lighter side
      • not taking life too seriously

    Comments

    Comment on this article

    Related Articles

      {REL[135][related1_blog]FnbO5IXkREL}

      Sharing tags:

      External Links

      1.2.004 adl admin advice applescript application architecture architecture description architecture description language architecture framework artefact artisan studio award berlow blog boundary browser bug c3 capability capability configuration colaboration collaboration committee compare compliance concept concert conference configuration control conformance consistency content contrast css cv01 def stan defence definition demonstration denmark department for transport develop discovery dndaf document dod dodaf drawing enterprise enterprise architect ertms event evolve exchange exploit forum fun geneology gfdl gnu graph group handbook hazard head-model history humour ibm rhapsody iec ieee ieee1471 iet ietf implement implementation incose innovation institute integrated ea interoperability introduction ipad iso iso42010 isse keynote knowledge language linkedin lockheed martin london london underground m3 mac management mdg meaning meeting metamodel mil std modaf model modelling style naf nato natural language needline news nist no magic magicdraw noun omg omnigraffle ontology open source opensource operational organisation oxfordshire perspective plan platform playlist portability presentation procurement profile project public publication publish purpose rail relationship release repository research resource rfc4677 risk role rssb rule safety sea search security sentence service singapore site softeam modelio software solution song sos sourceforge sparx systems sparx systems enterprise architect specification spreadsheet stakeholder concern standard steering group stencil stereotype store strategy structure support sysml system system authority system of systems systems engineering team template test threat
       

      All articles/posts © of the respective authors

      Site design and architecture © 2010 - 2011 Eclectica Systems Ltd.