View DNDAF:SecV-3 Aggregated Information Security Matrix Subview

dnd.gif

Title

SecV-3 Aggregated Information Security Matrix Subview Subview

Version & Date

1.7 See DNDAF Release History

* =  changed at 1.7
+ =  new at 1.7

Introduction *

The SecV-3 subview is part of the DNDAF Security View. There are in 36 subviews defined in the DNDAF.

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views:

The Security View-3 (SecV-3): Aggregated Information Security Matrix is a matrix of all Operational Information Exchange (OV3) and System Data Exchanges (SV6) used by the architecture project that may cause potential information aggregation security violations. Before designing access to information elements, their security sensitivity and data aggregation implications must be known. This sub-view provides a capability to identify aggregated security implications.

It is fundamental to information security management that the security level of any report or automated output must be at least as high as the classification of any data element on the report. However, there must be a capability to identify the aggregation of information when two or more, either Operational Information Exchanges or System Data Exchanges, are brought together and the result of this aggregation contains information with a higher classification level than the one assigned to them individually.

Purpose

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views:

The purpose of this view is to help in the assessment of either Operational Information Exchanges or System Data Exchanges to prevent information aggregation security issues.

Description

Definition *

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views:

The SecV-3 is a matrix of all information aggregation issues known to exist among the Operational Information Exchanges and System Data Exchanges within the architecture project. Included in this sub view is a description of the type of aggregation issues. For example, aggregation may be caused by summary data such as adding together the sum of all torpedo inventories across all ships and ammunition dumps, which would result in the total of all torpedoes, which are classified as SECRET. Another example is a combination of information, such as the number of gun barrels for the CF tanks and the maintenance schedule of the tanks, which together could allow the deduction of the number of operational tanks, which is also classified as SECRET.

Detailed Description *

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views:

This sub-view builds on the work done in the Operational Information Exchange Matrix (OV-3) where the architect documents the security level of an Information Exchange Requirement on a specific need-line and on its associated System Data Exchanges where its security level is documented. It also builds on the work done in the Data Element Security Matrix (SecV-2), where the security level of the data elements of the System Data Exchanges of the architecture project in focus is identified and documented.

This sub-view consists of a listing of all the Operational Information Exchanges and System Data Exchanges in focus and the resulting security classification of this aggregation.

Subview DADM Elements

From DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views:

The DADM entities and attributes provided below are the elements that this sub-view is responsible for creating:

Note that the SecV-2 and CV-2 are defined as being responsible for the creation of the Data Attribute entity.

Presentation

  • Tabular

Examples

See:

  • p179 Figure 3.37.1 in DND/CF Architecture Framework (DNDAF)  Volume 2: DND/CF Views and Sub-Views

Prerequisites

Version 1.7 no longer defines pre-requisites for any subview.

From 1.6:

The SecV-2 is the prerequisite for this sub-view.

See DNDAF Subview Dependencies

Configuration History

1.7 new subview identifier
1.6 was SecV-2 Aggregated Information Security Matrix Subview

Comments

 

Other Frameworks

There is no equivalent architecture in DODAF, MODAF, NAF or TRAK.

References


Category:Framework -> Specification
Category:Framework -> Subview

Categories:

 

© 2010 Eclectica Systems Ltd.