Information Technology Reference
In-Depth Information
Table 6. Assessment of impact and risk
Threat
Unauthorized access to Grid system
MEDIUM if the authorization privileges are very limited (i.e.
only reading).
Impact
VERY HIGH if the opposite is the case
Attack
Unauthorized access
Probability
Normal
Normal
Risk
HIGH
VERY HIGH
Threat
Unauthorized alteration of information
Impact
LOW if there is no personal information modified
HIGH if the opposite is the case
Attack
Modification of information
Probability
Frequent
Frequent
Risk
LOW
HIGH
Threat
Unauthorized disclosure of information
Impact
LOW when the disclosed information is not sensitive or important HIGH if the opposite is the case
Attack
Interception of information
Probability
Frequent
Very Frequent
Risk
LOW
HIGH
Threat
Masquerade as a certain user
LOW when the exchanged information with the fooled entity is
not sensitive or important
Impact
HIGH if the opposite is the case
Attack
Masquerade
Probability
Frequent
Normal
Risk
MEDIUM
VERY HIGH
Process Framework), and enables its au-
tomated integration with the processes of
other methodologies based on UML as UP,
OPEN, OpenUP, etc.
the security architecture, into the definition
of policies of the system or into the deci-
sions of implementation.
•
Study and incorporate security patterns
into the design activity to facilitate and en-
sure the correct incorporation of architec-
tural elements that define already proven
security solutions and help us construct the
security architecture specific for mobile
Grid systems.
•
Concrete and refine the generic tasks of
the used development processes that have
been incorporated into our process.
•
Refine and improve the parameters and
tagged values of the GridUCSec-profile for
capturing the most important aspects and
features of Mobile Grid systems to take
them into account in the design and con-
struction activities of the process.
•
Define templates for the specification of
security requirements based on IEEE std.
1233, 12207.1, 830 standards, SIREN, etc.
that impose a format and a specific method
for the definition and extraction of infor-
mation for functional and non-functional
requirements, especially those of security,
identified in the analysis activity and that
•
Improve the reference security architec-
ture for that the security aspects consid-
ered in the analysis activity through the
GridUCSec-profile can easily be incorpo-
rated as parameters into the interfaces of
Search WWH ::
Custom Search