F7_IMAN Impact Analysis Viewpoint

Domain Aspect Maturity
Functional Safety & Security proposed

Purpose

tbd

Applicability

tbd

Supported Processes

Supported Information Items

Presentation

Stakeholder

Concern

Exposed Concepts

The Diagram shows the concepts exposed by the viewpoint, and related concepts if necessary.

The Table shows the concepts exposed by the viewpoint, and related concepts if necessary.

ConceptDocumentation
ConfidentialityConfidentiality is a Security Objective. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 U.S.C., Sec. 3542]
Security ObjectiveThe Security Objectives are defined as the CIA-Triad (Confidentiality, Integrity, Availability) (Synonym: Security Attribute, Security Propaty) FIPS PUB 199 - Standards for Security Categorization of Federal Information and Information Systems: "The FISMA defines three security objectives for information and information systems: CONFIDENTIALITY “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [44 U.S.C., Sec. 3542 ] A loss of confidentiality is the unauthorized disclosure of information. INTEGRITY “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [ 44 U.S.C., Sec. 3542] A loss of integrity is the unauthorized modification or destruction of information. AVAILABILITY “Ensuring timely and reliable access to and use of information…” [44 U.S.C., S EC. 3542 ] A loss of availability is the disruption of access to or use of information or an information system."
IntegrityIntegrity is a Security Objective. Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 U.S.C., Sec. 3542]
AvailabilityAvailability is a Security Objective. Availability: Ensuring timely and reliable access to and use of information. [44 U.S.C., Sec. 3542]
ConsequenceThe violation of an Security Objective has a Consequence. NIST SP 800-160v1r1 and ISO/IEC 15026-1:2019 describing Consequence as following: "Effect (change or non-change), usually associated with an event or condition or with the system and usually allowed, facilitated, caused, prevented, changed, or contributed to by the event, condition, or system."
Severity Level
Effect on System
Effect on Operator
Effect on People
Effect on Environment
S0-No Effect
S1-Minor
S2-Major
S3-Hazardous
S4-Catastrophic

Realization of exposed Concepts

The Diagram shows the realization of exposed concepts.

The Table shows the realization of exposed concepts.

Required Viewpoints

Example