SVp-13 Solution Risk
This page reproduces part of the SVp-13 Solution Risk architecture viewpoint definition from the specification - TRAK00001. TRAK. Architecture Framework. Viewpoints. The page content is therefore subject to the same GNU Free Documentation License terms and conditions - see https://www.gnu.org/licenses/fdl-1.3.html
Most of the content is produced from a model of TRAK produced using a different set of architecture viewpoints!
Version
The TRAK SVp-13 Solution Risk architecture viewpoint is one of 24 architecture viewpoints defined in TRAK00001. TRAK. Architecture Framework. Viewpoints - current release is dated 2024_07_10.
Perspective | Viewpoint | View ID | Version | Modified |
Solution | SVp-13 | SV-13 | 6 | 2024-07-10 |
Summary
The TRAK SVp-13 Solution Risk architecture viewpoint defines the requirements for the TRAK SV-13 Solution Risk architecture view. This involves allowed content and minimum acceptable content ('well-formedness' criteria). The TRAK00001. TRAK. Architecture Framework. Viewpoints specification also defines consistency rules that apply to a set of architecture views (an Architecture Description).
The TRAK SVp-13 Solution Risk architecture viewpoint content is summarised under the following sections:
- stakeholder concerns
- description
- allowed content
- well-formedness criteria
- presentation methods
- examples
- comments
The TRAK Architecture Viewpoints specification provides a complete definition not only of the SVp-13 Solution Risk architecture viewpoint but also of the considerations for the architecture description formed from a set of architecture views.
Stakeholder Concerns
The TRAK SVp-13 Solution Risk architecture viewpoint addresses the following concerns:
- How does the solution design mitigate or address the vulnerabilities, threats and risks?
- What are the risks posed to the system, or to a third party by the system?
- What are the vulnerabilities of the system of interest?
- What threats is the system of interest exposed to?
Description
Describes the threats posed to a system as a result of vulnerabilities that expose the system of interest (or other resources) to risk.
Describes how these are managed, mitigated or controlled so that the risks are kept at a tolerable level.
Typically used to represent:
- how risks are managed, mitigated and controlled, for example by design
- the origins of a risk in terms of particular threats which exploit system vulnerabilities, for example to support an analysis of the security features of a system
- how threats can cause particular events (which might be part of a sequence that leads to a top level event that needs to be prevented, mitigated or minimised - addressed in the SVp-11 Solution Event Causes Viewpoint).
Allowed Content
TRAK architecture view content is defined in terms of triples (Node - connector - Node, e.g. 'Software exposed to Risk') that form short statements about the thing(s) being described.
The rationale for this is explained separately.
Subject Statements (Triples)
These are statements (triples) that describe the subject of the SV-13 Solution Risk architecture view. Specifically these statements address the concerns for this SVp-13 Solution Risk architecture viewpoint. These form the basis for the well-formedness section of the SVp-13 Solution Risk architecture viewpoint.
There are 64 possible subject statements in total which include 15 metamodel elements (Event, Function, Interaction Element, Job, Mitigation, Organisation, Physical, Resource Interaction, Risk, Role, Software, System, Threat, Vulnerability and Zone).
The subject statements are split into 3 groups:
- Analysis
- Identification
- Management & Control
Analysis
30 possible subject statements:
- Event can lead to exposure to Threat
- Function has Vulnerability
- Interaction Element has Vulnerability
- Job has Vulnerability
- Organisation has Vulnerability
- Physical has Vulnerability
- Resource Interaction has Vulnerability
- Risk can lead to exposure to Threat
- Risk caused by Function
- Risk caused by Interaction Element
- Risk caused by Job
- Risk caused by Organisation
- Risk caused by Physical
- Risk caused by Resource Interaction
- Risk caused by Role
- Risk caused by Software
- Risk caused by System
- Risk impacts on Function
- Risk impacts on Job
- Risk impacts on Organisation
- Risk impacts on Physical
- Risk impacts on Role
- Risk impacts on Software
- Risk impacts on System
- Role has Vulnerability
- Software has Vulnerability
- System has Vulnerability
- Threat exploits Vulnerability
- Vulnerability contributes to Vulnerability
- Vulnerability results in Risk
Identification
25 possible subject statements:
- Function poses Threat
- Interaction Element poses Threat
- Job exposed to Risk
- Job poses Threat
- Organisation exposed to Risk
- Organisation poses Threat
- Physical exposed to Risk
- Physical poses Threat
- Resource Interaction poses Threat
- Role exposed to Risk
- Role poses Threat
- Software exposed to Risk
- Software poses Threat
- System exposed to Risk
- System poses Threat
- Threat poses Risk
- Threat to Function
- Threat to Interaction Element
- Threat to Job
- Threat to Organisation
- Threat to Physical
- Threat to Resource Interaction
- Threat to Role
- Threat to Software
- Threat to System
Management & Control
9 possible subject statements:
- Mitigation uses Function
- Mitigation uses Job
- Mitigation uses Organisation
- Mitigation uses Physical
- Mitigation uses Role
- Mitigation uses Software
- Mitigation uses System
- Mitigation uses Zone
- Risk is managed by Mitigation
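The following is an added example, not part of the TRAK specification or its tooling: it encodes the 64 subject statements listed above as an allow-list and checks a constructed view against it. The element names are invented, and the "risk with no mitigation" report is a reviewer's convenience assumed here, not one of TRAK's well-formedness criteria.

```python
RESOURCES = ["Job", "Organisation", "Physical", "Role", "Software", "System"]
WITH_FN = RESOURCES + ["Function"]
WITH_IX = WITH_FN + ["Interaction Element", "Resource Interaction"]

def build_allowed():
    """The 64 SV-13 subject triples listed above, as (type, connector, type)."""
    allowed = {
        ("Event", "can lead to exposure to", "Threat"),
        ("Risk", "can lead to exposure to", "Threat"),
        ("Threat", "exploits", "Vulnerability"),
        ("Vulnerability", "contributes to", "Vulnerability"),
        ("Vulnerability", "results in", "Risk"),
        ("Threat", "poses", "Risk"),
        ("Risk", "is managed by", "Mitigation"),
    }
    for t in WITH_IX:
        allowed |= {(t, "has", "Vulnerability"), ("Risk", "caused by", t),
                    (t, "poses", "Threat"), ("Threat", "to", t)}
    for t in WITH_FN:
        allowed |= {("Risk", "impacts on", t), ("Mitigation", "uses", t)}
    for t in RESOURCES:
        allowed.add((t, "exposed to", "Risk"))
    allowed.add(("Mitigation", "uses", "Zone"))
    return allowed

def review(view, allowed):
    """Return (statements not on the allow-list, risks with no mitigation)."""
    rejected = [s for s in view if (s[0][0], s[1], s[2][0]) not in allowed]
    risks = {e for s in view for e in (s[0], s[2]) if e[0] == "Risk"}
    managed = {s[0] for s in view
               if s[1] == "is managed by" and s not in rejected}
    return rejected, sorted(risks - managed)

# Constructed sample view: each element is (metamodel type, illustrative name).
VIEW = [
    (("Threat", "Credential stuffing"), "exploits", ("Vulnerability", "No login rate limit")),
    (("Software", "Auth service"), "has", ("Vulnerability", "No login rate limit")),
    (("Vulnerability", "No login rate limit"), "results in", ("Risk", "Account takeover")),
    (("Risk", "Account takeover"), "is managed by", ("Mitigation", "Lockout policy")),
    (("Mitigation", "Lockout policy"), "uses", ("Software", "Auth service")),
    (("Vulnerability", "Flat network"), "results in", ("Risk", "Lateral movement")),
    # 'Zone has Vulnerability' is not among the subject statements above.
    (("Zone", "DMZ"), "has", ("Vulnerability", "Flat network")),
]

if __name__ == "__main__":
    rejected, unmanaged = review(VIEW, build_allowed())
    print("not allowed on SV-13:", rejected)
    print("risks without a mitigation statement:", unmanaged)
```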
Optional Statements (Triples)
These optional statements (triples) for the SV-13 Solution Risk architecture view provide useful context with respect to a subject or universally allowed statements involving the subject or object (start or finish) elements in the Subject Statements (triples).
Universal statements may be added to any TRAK architecture view and describe typical concepts such as compliance or traceability:
- ... traces to Argument, Contract, Requirement, Document or Standard
- ... satisfies Contract, Requirement, Document or Standard
- Concern or Claim about ...
- Contract, Requirement, Document or Standard governs ...
These statements address the concerns of their respective architecture viewpoint and will have been created first on these other architecture views.
There are 221 possible statements which may be used to augment the SV-13 Solution Risk architecture view, split into 7 groups:
- Context - Containing System
- Context - Events
- Universal - Applicable Requirements
- Universal - Assurance
- Universal - Concern Identified
- Universal - Requirement Compliance
- Universal - Traceability or Reference
Context - Containing System
25 additional context statements:
- Job plays Role
- Organisation has part Job
- Organisation has part Organisation
- Organisation is member of Organisation
- Organisation plays Role
- Physical contains System
- Physical has part Physical
- Role extends to Job
- Role extends to Organisation
- Role extends to Physical
- Role extends to Role
- Role extends to Software
- Role extends to System
- Role extends to Zone
- Software has part Software
- Software hosted on Physical
- System is configured with Job
- System is configured with Organisation
- System is configured with Physical
- System is configured with Role
- System is configured with Software
- System is configured with System
- Zone contains Physical
- Zone contains System
- Zone contains Zone
Context - Events
1 additional context statement:
- Event caused by Event
Universal - Applicable Requirements
45 additional context statements:
- Contract governs Event
- Contract governs Function
- Contract governs Interaction Element
- Contract governs Job
- Contract governs Mitigation
- Contract governs Organisation
- Contract governs Physical
- Contract governs Resource Interaction
- Contract governs Risk
- Contract governs Role
- Contract governs Software
- Contract governs System
- Contract governs Threat
- Contract governs Vulnerability
- Contract governs Zone
- Requirement governs Event
- Requirement governs Function
- Requirement governs Interaction Element
- Requirement governs Job
- Requirement governs Mitigation
- Requirement governs Organisation
- Requirement governs Physical
- Requirement governs Resource Interaction
- Requirement governs Risk
- Requirement governs Role
- Requirement governs Software
- Requirement governs System
- Requirement governs Threat
- Requirement governs Vulnerability
- Requirement governs Zone
- Standard governs Event
- Standard governs Function
- Standard governs Interaction Element
- Standard governs Job
- Standard governs Mitigation
- Standard governs Organisation
- Standard governs Physical
- Standard governs Resource Interaction
- Standard governs Risk
- Standard governs Role
- Standard governs Software
- Standard governs System
- Standard governs Threat
- Standard governs Vulnerability
- Standard governs Zone
Universal - Assurance
30 additional context statements:
- Claim about Event
- Claim about Function
- Claim about Interaction Element
- Claim about Job
- Claim about Mitigation
- Claim about Organisation
- Claim about Physical
- Claim about Resource Interaction
- Claim about Risk
- Claim about Role
- Claim about Software
- Claim about System
- Claim about Threat
- Claim about Vulnerability
- Claim about Zone
- Event traces to Argument
- Function traces to Argument
- Interaction Element traces to Argument
- Job traces to Argument
- Mitigation traces to Argument
- Organisation traces to Argument
- Physical traces to Argument
- Resource Interaction traces to Argument
- Risk traces to Argument
- Role traces to Argument
- Software traces to Argument
- System traces to Argument
- Threat traces to Argument
- Vulnerability traces to Argument
- Zone traces to Argument
Universal - Concern Identified
15 additional context statements:
- Concern about Event
- Concern about Function
- Concern about Interaction Element
- Concern about Job
- Concern about Mitigation
- Concern about Organisation
- Concern about Physical
- Concern about Resource Interaction
- Concern about Risk
- Concern about Role
- Concern about Software
- Concern about System
- Concern about Threat
- Concern about Vulnerability
- Concern about Zone
Universal - Requirement Compliance
45 additional context statements:
- Event satisfies Contract
- Event satisfies Requirement
- Event satisfies Standard
- Function satisfies Contract
- Function satisfies Requirement
- Function satisfies Standard
- Interaction Element satisfies Contract
- Interaction Element satisfies Requirement
- Interaction Element satisfies Standard
- Job satisfies Contract
- Job satisfies Requirement
- Job satisfies Standard
- Mitigation satisfies Contract
- Mitigation satisfies Requirement
- Mitigation satisfies Standard
- Organisation satisfies Contract
- Organisation satisfies Requirement
- Organisation satisfies Standard
- Physical satisfies Contract
- Physical satisfies Requirement
- Physical satisfies Standard
- Resource Interaction satisfies Contract
- Resource Interaction satisfies Requirement
- Resource Interaction satisfies Standard
- Risk satisfies Contract
- Risk satisfies Requirement
- Risk satisfies Standard
- Role satisfies Contract
- Role satisfies Requirement
- Role satisfies Standard
- Software satisfies Contract
- Software satisfies Requirement
- Software satisfies Standard
- System satisfies Contract
- System satisfies Requirement
- System satisfies Standard
- Threat satisfies Contract
- Threat satisfies Requirement
- Threat satisfies Standard
- Vulnerability satisfies Contract
- Vulnerability satisfies Requirement
- Vulnerability satisfies Standard
- Zone satisfies Contract
- Zone satisfies Requirement
- Zone satisfies Standard
Universal - Traceability or Reference
60 additional context statements:
- Event traces to Contract
- Event traces to Document
- Event traces to Requirement
- Event traces to Standard
- Function traces to Contract
- Function traces to Document
- Function traces to Requirement
- Function traces to Standard
- Interaction Element traces to Contract
- Interaction Element traces to Document
- Interaction Element traces to Requirement
- Interaction Element traces to Standard
- Job traces to Contract
- Job traces to Document
- Job traces to Requirement
- Job traces to Standard
- Mitigation traces to Contract
- Mitigation traces to Document
- Mitigation traces to Requirement
- Mitigation traces to Standard
- Organisation traces to Contract
- Organisation traces to Document
- Organisation traces to Requirement
- Organisation traces to Standard
- Physical traces to Contract
- Physical traces to Document
- Physical traces to Requirement
- Physical traces to Standard
- Resource Interaction traces to Contract
- Resource Interaction traces to Document
- Resource Interaction traces to Requirement
- Resource Interaction traces to Standard
- Risk traces to Contract
- Risk traces to Document
- Risk traces to Requirement
- Risk traces to Standard
- Role traces to Contract
- Role traces to Document
- Role traces to Requirement
- Role traces to Standard
- Software traces to Contract
- Software traces to Document
- Software traces to Requirement
- Software traces to Standard
- System traces to Contract
- System traces to Document
- System traces to Requirement
- System traces to Standard
- Threat traces to Contract
- Threat traces to Document
- Threat traces to Requirement
- Threat traces to Standard
- Vulnerability traces to Contract
- Vulnerability traces to Document
- Vulnerability traces to Requirement
- Vulnerability traces to Standard
- Zone traces to Contract
- Zone traces to Document
- Zone traces to Requirement
- Zone traces to Standard
Well-Formedness Criteria
Well-formedness criteria define the minimum acceptable view content based on the subject statements (triples). These criteria are not yet represented within the model of TRAK. Please refer to the SVp-13 Solution Risk definition within the TRAK00001. TRAK. Architecture Framework. Viewpoints specification.
Presentation Methods
The SV-13 Solution Risk architecture view may use any of the following means to present the statements (triples):
Graphical, showing a tree depicting the causal relationships e.g. a fault tree, visualisation of tuples.
Note that a textual presentation is acceptable for any TRAK architecture view.
Examples
Analysis
Comments
The SV-13 Solution Risk architecture view is the master source (origin) on which you first create the following elements or statements:
Neighbouring Architecture Views
The SV-13 Solution Risk architecture view content may overlap that of the following neighbouring architecture views:
- MV-01 Architecture Description Dictionary
- MV-02 Architecture Description Design Record
- MV-03 Requirements and Standards
- MV-04 Assurance
- SV-01 Solution Structure
- SV-11 Solution Event Causes
The TRAK architecture viewpoints are subject to the terms of open source license: GNU Free Documentation License (Version 1.3, November 2008) at https://www.gnu.org/licenses/fdl-1.3.html.