Forwarded from: "Vicente Aceituno" <vac (at) zenobia.es>

This language enables expressing all the security aspects of physical and logical information assets (an environment, an application, a database, a system, media, etc), including business, compliance and technical objectives.

It has compatibility attributes for confidentiality-integrity-availability-privacy-criticality classifications (protectiveMarking, privacyMarking, availabilityMarking, businesscontinuityMarking, integrityMarking).

It has links to access control, digital signatures and logs (authorityList, accessRigthsList, rightsHolder, eventSet, eventType, userIDType, timeZone, startDate, expiryDate, constituency, securityHandling, handlingControl, handlingApplicability).

It supports asset lifecycles (objectState, classificationReviewDueDate, additionalMetadata).

It supports internal and external compliance, licensing, copyrights, etc (objectLocation, policySet, policyType, policySubType).

It expresses availability objectives accurately (availabilityWindow startFirstWindow, endFirstWindow, recurringPeriod, recurringCardinality, minPercentageUptime, maxNumberOfInterruptions, maxNumberOfTransactionsLostPerInterruption, minLoad, loadUnits, recoveryTimeObjective, recoveryPointObjective).

It expresses retention and expiration objectives accurately (retentionTarget, itemType, retentionEvent, retentionEventDate, minRetentionSinceRetentionEvent, maxPercentageOfItemsLost, expirationTarget, expirationEvent, expirationEventDate, maxRetentionSinceExpirationEvent).

It expresses quality objectives accurately (precisionTarget, maxPercentageOfIncorrectItems, itemType, relevanceTarget, itemType, maxPercentageOfOutDatedItems, averageRelevanceOfItems, completenessTarget, maxNumberOfUnnecessaryItems, maxPercentageOfEmptyItems, maxPercentageOfMissingItems, maxPercentageOfIncoherentItems).

It expresses environmental conditions accurately (electricityTarget, cType, upperCurrentLimit, lowerCurrentLimit, currentUnits, upperVoltage, lowerVoltage, voltageUnits, temperatureTarget, upperLimit, lowerLimit, temperatureUnits, humidityTarget, humidityUnits, lightTarget, lightUnits, radiationTarget, radiationUnits).

Probably the quickest gains from IAML are linking back items with their compliance requirements and expressing availability in terms that are meaningful for system design.

My best,
Vicente
ISM3 Consortium