UAF 1.0 FTF: OMG Issue

UAF — definition for element Risk includes Information security risk definition.

  • Key: UAF-36
  • Status: closed  
  • Source: MITRE (Dr. Fatma Dandashi)
  • Summary:

    Old Definition:
    “A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.”

    New Definition:
    “A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.”

    A type of risk is Information security risk: “Those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.”
    Users can define subtypes of risk to include Information security risk, cost risk, schedule risk, etc. UAF will define only Risk.

  • Reported: UAF 1.0b1 — Tue, 21 Mar 2017 17:42 GMT
  • Disposition: Resolved — UAF 1.0
  • Disposition Summary:

    definition for element Risk includes Information security risk definition.

    Old Definition:
    “A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.”

    New Definition:
    “A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.”

    A type of risk is Information security risk: “Those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.”
    Users can define subtypes of risk to include Information security risk, cost risk, schedule risk, etc. UAF will define only Risk.

  • Updated: Mon, 16 Oct 2017 15:16 GMT