Security vulnerabilities modelling

Post Reply
rungsima
Posts: 10
Joined: 15 Dec 2009, 07:29

I would like to model security vulnerabilities which be related with technology product, server node and application provider. Could I model it at Security Management in EA Support?

Your advise is greatly appreciated
Rungsima
User avatar
jonathan.carter
Posts: 1087
Joined: 04 Feb 2009, 15:44

The Security Management layer provides the classes to capture and manage the security capabilities that we require, the principles that we have and then go on to model the policies and solutions for providing the capabilities in the context of the principles.

We can define security policies in terms of any resource, people, hardware, software, locations, etc. and use the Security Management classes to describe what we need to do and how we plan to do that.

However, I think what you are looking at is the set of known [security] risks associated with particular things, e.g. Technology Products, Application Providers or server nodes, rather than what we need to do about those vulnerabilities and how we will resolve them (which is what the Security Management layer would provide).

If so, I think that these vulnerabilities could be best captured and managed in the Strategy Management layer as Issues in the Strategic Requirement section. From there, we can define Strategic Plans for how we will resolve these, which can then be related to our Security Management elements, such as Security Policies and Security Solutions.

Hope this helps

Jonathan
Essential Project Team
Post Reply