View DNDAF:SecV-1 Risk Assessment Subview


Title

SecV-1 Risk Assessment Subview

Version & Date

1.7 (see DNDAF Release History)

* =  changed at 1.7

+ =  new at 1.7

Introduction +

SecV-1 is one of the 3 subviews in the DNDAF Security View. There are 36 subviews defined in the DNDAF.

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views, 3.35:

Security is concerned with the appropriate protection of the assets that the business has identified to enable its objectives. The risk assessment identifies the risk for those assets, and the risk management schemes.

The term risk, where not otherwise qualified, refers to the uncertainty that surrounds future events and outcomes. It is the expression of the impact of an event that has the potential to influence the achievement of an organization’s objectives and of the likelihood of that event happening, which is based on both the threat agent’s capabilities and its intent/motivation.

The Security View 1 (SecV-1) captures assets, risk and risk management information. The use of SecV-1 follows the Threat and Risk Assessment (TRA) processes of asset valuation (in terms of confidentiality, integrity and availability), threat assessment, vulnerability assessment of the asset under analysis, and a detailed risk analysis. SecV-1 articulates risk judgements that have been performed and links these analyses to control objectives that drive the design of the security components of the architecture.

Purpose +

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views, 3.35:

SecV-1 provides the opportunity both to capture risk assessment and risk management within a general architecture design context and to help introduce security considerations early in the architecture project and track them through the life of the project architecture.

Description +

Definition +

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views, 3.35:

The SecV-1 documents the association of threats, vulnerabilities, residual risks to assets and the security control objectives recommended to mitigate the risk.

Detailed Description +

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views, 3.35:

SecV-1 is a listing of identified architectural assets, threats, vulnerabilities and risks with detailed characteristics descriptions, providing a severity assessment of the risk and the resulting recommendations in the form of security control objectives.

The architecture asset information captured here is from the perspective of the assets' use by the business and the value that is attached to them. These assets are vulnerable to threats; therefore, risks are identified and then a strategy to mitigate these risks is developed through the setting of control objectives. This mitigation strategy will impact the remainder of the architecture in designing the security solution.

Subview DADM Elements +

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views, 3.35:

The DADM entities and attributes provided below are the elements that this sub-view is responsible for creating:

Presentation +

  • Tabular

Examples +

See:

  • p170 Figure 3.35.1 in DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views

Prerequisites +

Version 1.7 no longer defines pre-requisites for any subview.

See DNDAF Subview Dependencies

Configuration History

1.7 - new subview


Other Frameworks

There is no equivalent architecture in DODAF, MODAF, NAF or TRAK.


© 2010 Eclectica Systems Ltd.