Previous Next V-Model Official Homepage by IABG  
Header  
SD 1.6: Threat and Risk Analysis  

  SE1.6 - Bedrohung und Risiko analysieren

Contents  
  • Product Flow
  • Handling
  • Roles
    		•  
  • Tools Requirements
  • Pre-Tailoring forms
  • External Norms

    • Product Flow

    From Product to Methods Tool Req. Ext. Norms
    Activity State Chapter Title Activity State
    External - All External Specifications (customer) - -      
    SD1.1
    SD1.2
    SD1.3
    SD1.4
    SD1.5    		 being proc. Existing User Requirements - -    
    - - 4 User Requirements.
    Threat and Risk Analysis    		 SD1.7
    SD1.8
    SD2
    SD3
    SD4-SW
    SD5-SW    		 submitted   SSD01
    - - 5 User Requirements.
    IT Security    		   SSD01

    + "Chapter" are extra columns from the original printed version of GD 250

    Handling

    The prerequisites for the realization of this activity are the previously defined User Requirements and information about the application environment of the System. (2)  , (3)

    Within the scope of the threat and risk analysis, the threats relevant for the System have to be defined and the connected risks to be evaluated, by taking into consideration the probability these threats might happen and the size of damages to be expected.

    The results of the threat and risk analysis are the basis for the formulation of requirements for IT security within the scope of the User Requirements.

    ---------- The following part is an extension of the original printed version of GD 250 -----------

    Roles

    Role Participation
    IT Security Representative responsible

    Tools Requirements

    Product Functional Tools Requirements
    Chapter 4
    User Requirements.
    Threat and Risk Analysis    		 SSD01 - Recording Requirements
    Chapter 5
    User Requirements.
    IT Security    		 SSD01 - Recording Requirements

    External Norms

    Being defined

    Pre-Tailoring forms

    Pre-tailoring Forms SD Products Implementing
    Conditions
    Small Administrative IT Projects SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          
    Medium Administrative IT Projects SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          
    Large Administrative IT Projects SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          
    Small/Medium Technical-Scientific IT Projects SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          
    Large Technical-Scientific IT Projects SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          
    Selection, Procurement and Adjustment of Off-the-Shelf Products SD1.6 x User Requirements                                 SD1.6 x Basic Requirements          

    Matrix Entries:

    Always required
    Always required under given circunstances
    Not required
    Description of data or database only

    Notes

    (1) The threat and risk analysis is realized from a security and safety aspect.

    (2) In systems where a threat situation has not been determined it is necessary to use a fictive application environment as a basis for the estimation.

    (3) For the information system the application environment is particulary influenced by the structure and process organization.

    Previous Next GDPA Online Last Updated 01.Jan.2002 Updated by Webmaster Last Revised 01.Jan.2002 Revised by Webmaster