AORDD concepts
The ontology that describes the underlying concepts of the AORDD framework.
Security Aspects
Specification Elements
| Name | Description |
| --- | --- |
| Asset | Assets are something to which an organization directly assigns value and, hence, for which the organization requires protection. |
| Stakeholder | Person or group with an interest in an asset. |
| Value | The asset value is measured in terms of the importance to the business. |
| Target of Assessment | Specifies the boundaries for what is being assessed. |
| Security Policy | Describes rules, directives, and practices that govern how assets are managed, protected, and distributed within an organization and its information systems. |
| Security Requirement | Requirements that are designed to protect the value of assets. |
| Threat | A potential cause of a misuse which may lead to harm to a system or organization. |
| Vulnerability | One or more security threats may exploit one or more vulnerabilities and lead to a misuse. |
| Misuse | Has an associated impact and frequency of occurrence and can have an impact which leads to loss of asset value. |
| Risk Level | Combination of misuse, impact, and frequency. |
| Gain | Increases asset value. |
| Loss | Decreases asset value. |
| Impact | Leads to loss or gain of asset value. |
| Frequency | How often a misuse occurs. |
| Security Risk Treatment | Represents the selection and implementation of appropriate options for dealing with risks. |
| Security Risk Acceptance Criteria | Describes acceptable levels of loss. |
Security Aspects
Cost-Benefit Trade Off
Connect security aspects with architecture description.
- Specification Elements:
  - Asset
  - Value
  - Target of Assessment
  - Security Policy
  - Security Requirement
  - Threat
  - Vulnerability
  - Misuse
  - Risk Level
  - Gain
  - Loss
  - Impact
  - Frequency
  - Security Risk Treatment
  - Security Risk Acceptance Criteria
- Threats:
  - Spoofing
  - Tampering with Data
  - Repudiation
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
Specification Elements
Asset
Assets are something to which an organization directly assigns value and, hence, for which the organization requires protection.
- Applies to:
  - Entity
  - Activity
  - Data
  - Node
  - Connection
Stakeholder
Person or group with an interest in an asset.
- Applies to:
Value
The asset value is measured in terms of the importance to the business.
- Applies to:
Target of Assessment
Specifies the boundaries for what is being assessed.
- Applies to:
Security Policy
Describes rules, directives, and practices that govern how assets are managed, protected, and distributed within an organization and its information systems.
- Applies to:
Security Requirement
Requirements that are designed to protect the value of assets.
- Applies to:
Threat
A potential cause of a misuse which may lead to harm to a system or organization.
- Applies to:
Vulnerability
One or more security threats may exploit one or more vulnerabilities and lead to a misuse.
- Applies to:
Misuse
Has an associated impact and frequency of occurrence and can have an impact which leads to loss of asset value.
- Applies to:
Risk Level
Combination of misuse, impact, and frequency.
- Applies to:
Gain
Increases asset value.
- Applies to:
Loss
Decreases asset value.
- Applies to:
Impact
Leads to loss or gain of asset value.
- Applies to:
Frequency
How often a misuse occurs.
- Applies to:
Security Risk Treatment
Represents the selection and implementation of appropriate options for dealing with risks.
- Applies to:
Security Risk Acceptance Criteria
Describes acceptable levels of loss.
- Applies to: