F7_IMAN Impact Analysis Viewpoint
Domain | Aspect | Maturity |
---|---|---|
Functional | Safety & Security | proposed |
Purpose
tbd
Applicability
tbd
Supported Processes
Supported Information Items
Presentation
Stakeholder
Concern
Exposed Concepts
The Diagram shows the concepts exposed by the viewpoint, and related concepts if necessary.
The Table shows the concepts exposed by the viewpoint, and related concepts if necessary.
Concept | Documentation |
---|---|
Confidentiality | Confidentiality is a Security Objective. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 U.S.C., Sec. 3542] |
Security Objective | The Security Objectives are defined as the CIA-Triad (Confidentiality, Integrity, Availability) (Synonym: Security Attribute, Security Propaty) FIPS PUB 199 - Standards for Security Categorization of Federal Information and Information Systems: "The FISMA defines three security objectives for information and information systems: CONFIDENTIALITY “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [44 U.S.C., Sec. 3542 ] A loss of confidentiality is the unauthorized disclosure of information. INTEGRITY “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [ 44 U.S.C., Sec. 3542] A loss of integrity is the unauthorized modification or destruction of information. AVAILABILITY “Ensuring timely and reliable access to and use of information…” [44 U.S.C., S EC. 3542 ] A loss of availability is the disruption of access to or use of information or an information system." |
Integrity | Integrity is a Security Objective. Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 U.S.C., Sec. 3542] |
Availability | Availability is a Security Objective. Availability: Ensuring timely and reliable access to and use of information. [44 U.S.C., Sec. 3542] |
Consequence | The violation of an Security Objective has a Consequence. NIST SP 800-160v1r1 and ISO/IEC 15026-1:2019 describing Consequence as following: "Effect (change or non-change), usually associated with an event or condition or with the system and usually allowed, facilitated, caused, prevented, changed, or contributed to by the event, condition, or system." |
Severity Level | |
Effect on System | |
Effect on Operator | |
Effect on People | |
Effect on Environment | |
S0-No Effect | |
S1-Minor | |
S2-Major | |
S3-Hazardous | |
S4-Catastrophic |
Realization of exposed Concepts
The Diagram shows the realization of exposed concepts.
The Table shows the realization of exposed concepts.