Page 1 of 1
Security vulnerabilities modelling
Posted: 27 Jul 2012, 02:08
by rungsima
I would like to model security vulnerabilities which be related with technology product, server node and application provider. Could I model it at Security Management in EA Support?
Your advise is greatly appreciated
Rungsima
Re: Security vulnerabilities modelling
Posted: 20 Aug 2012, 16:38
by jonathan.carter
The Security Management layer provides the classes to capture and manage the security capabilities that we require, the principles that we have and then go on to model the policies and solutions for providing the capabilities in the context of the principles.
We can define security policies in terms of any resource, people, hardware, software, locations, etc. and use the Security Management classes to describe what we need to do and how we plan to do that.
However, I think what you are looking at is the set of known [security] risks associated with particular things, e.g. Technology Products, Application Providers or server nodes, rather than what we need to do about those vulnerabilities and how we will resolve them (which is what the Security Management layer would provide).
If so, I think that these vulnerabilities could be best captured and managed in the Strategy Management layer as Issues in the Strategic Requirement section. From there, we can define Strategic Plans for how we will resolve these, which can then be related to our Security Management elements, such as Security Policies and Security Solutions.
Hope this helps
Jonathan