Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.019 Determine need for information availability, confidentiality, integrity

Goal: Set of information objects that are to be protected against loss, corruption or loss of integrity to ensure safe railway operation.
Requirements met by this process step

IEC 62443

RiL 114.0210 05 (6)

Inputs

Outputs: Viewpoint that identifies all information objects whose vulnerability results in a loss (with respect to safety or business).
Methodology

For each information object provided in instances of AMOD-110, it shall be determined whether any of the following characteristics of that information potentially results in a loss (with respect to safety or business):

  • The defined information object is not transmitted
  • The defined information object is corrupted (i.e. not readable or unexpected information is exchanged)
  • The defined information object has expected but manipulated values (e.g. a journey profile is exchanged but destination values are modified)

Note: The list above is not an exhaustive list of characteristics and has to be consolidated with security experts.

Tools and non-human resources: Team for Capella
Cardinality: One-off with possibility of revisions
Completion criteria

The output view is complete, i.e. sufficient losses and threat states have been covered

The output view includes elements that are required by DB regulations, where applicable

The output view conforms to its modelling rules

Design review: ARCH.R.2 Operational review - consolidated
Step done by (Responsible): Security expert
Provides input to/assists (Contributes): None identified
Reviews (Contributes): Security engineer
Uses outputs (Informed): ARCH.170 Identify security losses & threats