Alignment of ADTree to ISSRM - salman-/A-ADTree GitHub Wiki
What is the Domain Model for Information System Security Risk Management?
Information System Security Risk Management (ISSRM) is a domain model that presents the main items of an information system from a security perspective. These items fall into three groups: (1) asset concepts, (2) risk concepts, and (3) risk treatment concepts. Fig. 1 shows the domain model of ISSRM.
Asset concepts: In ISSRM, assets are all the valuable things in the organization. There are two main categories: business assets and information system assets (IS assets). Business assets are the assets related to the processes, business, information, or essential skills of the organization. IS assets consist of all the valuable things related to the information system. Therefore, equipment such as databases, networks, routers, and operating systems are among the IS assets. All assets can be the target of malicious actions, so it is essential to consider security criteria for them. There are three main criteria: integrity, availability, and confidentiality.
Risk concepts: In ISSRM, a risk is a combination of several different concepts. The most important ones are threat agent, attack method, vulnerability, and impact. The remaining concepts (such as Event, Threat, and Risk) are derived by aggregating these four. A threat agent is anyone who has the skills and motivation to carry out a malicious attack. An attack method is a process that may lead to a problem in the whole system. A threat is the potential for an attacker to use an attack method against an asset. A threat also exploits vulnerabilities in the information system assets. These vulnerabilities are characteristics of the IS assets that facilitate the threats.
Risk treatment concepts: Risk treatment concepts involve three main factors. The first factor is the risk treatment, which describes the policy for facing the risk. This policy can be risk avoidance, risk reduction, risk transfer, or risk retention. Choosing the risk treatment is a management decision. The second factor is the security requirement, and the third is the control. Security requirements are derived from the risk and the risk treatment policy. A control is an implementation of security requirements. The cost attribute helps to evaluate the solutions from an economic perspective.
How is alignment useful?
It is important to find a way to consider security during design and the early steps of development. Many modeling languages serve their own purposes but do not consider the representation of security risks. For instance, the Business Process Management Notation (BPMN) is meant to maximize the benefit of both customer and company at the same time. However, security risks may also arise during a business process.
It is therefore important to improve the current modeling languages so that they also show security risks. One of the key tools for this improvement is to align the modeling languages with the domain model for information system security risk management (ISSRM).
What are the steps to make an alignment?
Obtain the domain model for current ADTree
Then identify the semantic concepts that are missing and add them to the respective elements. We obtained a new domain model, which we called the Aligned Attack-Defense Tree (A-ADTree).
The table below shows the final result of the alignment: