View DNDAF:Security View

dnd.gif

* =  changed at 1.7

+ =  new at 1.7

Overview*

The DNDAF Security View is one of the 8 DNDAF Views*.

DND/CF Architecture Framework (DNDAF) Version 1.7, Volume 2: DND/CF Views and Sub-Views, section 2.10:

The Security View (SecV) provides visibility on those attributes of the DND/CF architecture that deal with the protection of assets. Consequently it deals with the security and information assurance architecture of the DND/CF.

The Security View begins with the development of the other sub-views, and as this design progresses it also provides the context for the risk assessment. Thus, the Common View (CV) products specify the operational goals, strategies, and critical success factors that could involve or are related to security. The Operational View (OV) products must specify :

  • The locations (jurisdiction) to ensure the right security policy is applied to high level business functions, operational activities and services;
  • The organization and roles to provide information about security accountability;
  • The time dependency information necessary for the analysis of risk and controls; and
  • The connectivity and information exchange.

The recommendations of the risk assessment will take into account legislation, Government of Canada policies and departmental policies and standards/baseline and it will drive security strategies and security requirements that will point to aspects of the Operational View (OV) products and of the System View (SV) products, that specify security systems and the functionality that aids in the accomplishment of the operational security goals. The Technical View (TV) identifies the standards that are necessary to make systems acceptable with respect to operational security goals.

The SecV, in relationship to these other views will highlight the requirements of ensuring an overall and comprehensive approach to security that begins early in the development of an architecture design to avoid expensive retrofits once the architecture is deployed.

As part of a standard practice of security the Security view enable threat risk analysis, security data element labelling and ensuring that data aggregation does not impact security. This view currently comprises three main areas :

  • Risk Assessment;
  • Security Data Element; and
  • Aggregated Information Security.

Thus, after the risk assessment is conducted and the security of the Data Elements is identified and documented, then the information can be assessed for the impact of its aggregation of data in regard to its security implications.

The Security View (SecV) in DNDAF has the following 3 sub views:

There are in 36 subviews* defined in the DNDAF.

Version &Date

1.7 see DNDAF Release History.

Configuration History

1.7 - old SecV-1 and SecV-2 renumbered SecV-2 and SecV-3 respectively. New subview SecV-1

 

Other Frameworks

There is no equivalent in DODAF, MODAF, NAF or TRAK.

References

 

Category:Framework -> Collection
Category:Framework -> View

Categories:

 

© 2010 Eclectica Systems Ltd.