UAF 1.2 RTF Avatar
  1. OMG Issue

UAF12 — Risk concept to be expanded to include more than security risks

  • Key: UAF12-51
  • Status: closed  
  • Source: Aerospace Corporation ( James Martin)
  • Summary:

    Opportunities to be pursued can present additional Risks to the enterprise or to its stakeholders. Need to expand Risk to cover more than security risks. Risk Mitigation should be more general than that which performs security process or satisfies security control (shown in presentation).

    Opportunities can be negated by associated Risks. Important to balance new Opportunities with associated Risks. At enterprise level, Opportunity Management can have greater impact than Risk Management.

  • Reported: UAF 1.1 — Thu, 2 Jul 2020 16:00 GMT
  • Disposition: Resolved — UAF 1.2
  • Disposition Summary:

    *Risk concept generalised *

    Risk in v1.1 was only associated with those that are mitigated by security controls as they pertain to views in the Security Domain. Risk is more general notion that can be applied to any element in the architecture, so a new Risk element was added and the old Risk element was made a subtype name Security Risk.

  • Updated: Thu, 31 Mar 2022 19:31 GMT
  • Attachments: