Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)
ARCH.019 Determine need for information availability, confidentiality, integrity
SM-2755
-
Populate Confluence page for activity definition: ARCH.019 Determine need for information availability, confidentiality, integrity
Created
Goal | Set of information objects that are to be protected against loss, corruption or loss of integrity to ensure safe railway operation. |
---|---|
Requirements met by this process step | IEC 62443 RiL 114.0210 05 (6) |
Inputs | |
Outputs | Viewpoint that identifies all information objects whose vulnerability results in a loss (with respect to safety or business). |
Methodology | For each information object provided in instances of AMOD-110 it shall be determined whether any of the following characteristics of that information potentially results in a loss (with respect to safety of business):
Note: The list above is not an exhaustive list of characteristics and has to be consolidated with security experts. |
Tools and non-human resources | Team for Capella |
Cardinality | One-off with possibility of revisions |
Completion criteria | The The output view is complete i.e. sufficient losses and threat states have been covered The output view includes elements that are required by DB regulations, where applicable The output view conforms to its modelling rules |
Design review | ARCH.R.2 Operational review - consolidated |
Step done by (Responsible) | Security expert |
Provides input to/assists (Contributes) | None identified |
Reviews (Contributes) | Security engineer |
Uses outputs (Informed) | ARCH.170 Identify security losses & threats |