| Description | Illustrates the security assets, security constraints, security controls, families, and measures required to address specific security concerns. |
|---|---|
| References | OMG - UAF - View - Security Views |
| Parent Mapping | UAF Mappings |
| Framework Concept | Framework Definition | SysFEAT Concept | SysFEAT Definition |
|---|---|---|---|
Action Process |
Action Process |
An Action Process is a Behavior that describes a typical course of action intended to produce Outcome Events, through the involvement of Agents as Active Participants. During its course of action, a process consumes or produces Functional Assets, including Information Assets. 1) It may memorize or access Information Assets from and to its Process Stores. 2) It may receive Functional Assets at its boundary: Outcome Consumptions. 3) It may signal the production of Functional Assets at its boundary: Outcome Productions. The course of action of an Action Process is constrained (Rule Enforcement) by the application of Behavioral Rules that define what is and is not allowed. Within SysFEAT, we can examine Action Processes from two distinct perspectives: a) A conceptual standpoint is provided by Value Streams. b) A concrete implementation standpoint is provided by Resource Action Processes. References: ISO 15926 - ClassOfActivity ISO 9000 - 3.4.1 - Process Merriam Webster - Process OMG - BPMN - Process OMG - UAF - Process OMG - UML - Activity OpenGroup - ArchiMate - Process Russell Ackoff - System of Concepts - Process WordNet - Process |
|
Asset |
An abstract element that indicates the types of elements that can be affected by Risk. Asset as applied to Security views is an abstract element that indicates the types of elements that can be considered as a subject for security analysis. References: OMG - UAF - Asset |
||
Business Operating Asset |
An abstract element used to group the elements of ResourcePerformer and ResourceInformation allowing them to own ResourceInformationRoles. References: OMG - UAF - ResourceAsset |
Business Operating Asset |
Business Operating Assets comprise physical assets which contribute to the production and consumption of Business Outcome Events of the enterprise. This includes Business Agents, their behaviors (Business Behavior: Business Resource Process, Business Resource Interaction Process), References: OMG - UAF - CapableElement OpenGroup - TOGAF - Definition - Solution Building Block OpenGroup - TOGAF - Guide - Solution Building Blocks |
EnhancedSecurityControl |
Statement of security capability to: (i) build in additional, but related, functionality to a basic control; and/or (ii) increase the strength of a basic control. References: OMG - UAF - EnhancedSecurityControl |
||
Enhances |
A tuple relating the EnhancedSecurityControl to a SecurityControl. References: OMG - UAF - Enhances |
||
Mitigates |
A tuple relating a Security Control to a Risk. Mitigation is established to manage risk and could be represented as an overall strategy or through techniques (mitigation configurations) and procedures (SecurityProcesses). References: OMG - UAF - Mitigates |
||
OperationalAgent |
An abstract type grouping OperationalArchitecture and OperationalPerformer. References: OMG - UAF - OperationalAgent |
Conceptual Agent |
A Conceptual Agent is an abstract type of Agent that depicts a functional division of labor within an enterprise, influencing the formation of its business operating model. The concrete specializations of Conceptual Agent follow the systemic level pattern and come in the form of Operating Domain (a Macro Conceptual Agent) and Business Function (a Mezzo Conceptual Agent). References: Christensen Institute - Modularity OMG - UAF - OperationalAgent OpenGroup - ArchiMate - Business Internal Active Structure Element Russell Ackoff - System of concepts - FunctionalDivisionOfLabor |
OperationalArchitecture |
A type used to denote a model of the Architecture, described from the Operational perspective. References: OMG - UAF - OperationalArchitecture |
Conceptual Environment |
A Conceptual Environment is an operating context which defines the interactions (Business Interaction) of an Operating Domain with its partners (Customers). References: OMG - UAF - OperationalArchitecture |
OperationalAsset |
An abstract element used to group the elements of OperationalAgent and OperationalInformation allowing them to own OperationalInformationRoles. References: OMG - UAF - OperationalAsset |
Conceptual Operating Asset |
A Conceptual Operating Asset is an Operating Asset used to describe the Conceptual Operating Model of the enterprise. It includes Value Streams, Operating Domains and Business Functions and the way they contribute to the delivery of Business Outcome Events. References: OMG - UAF - OperationalAsset |
OperationalInformation |
An item of information that flows between OperationalPerformers and is produced and consumed by the OperationalActivities that the OperationalPerformers are capable to perform (see IsCapableToPerform). References: OMG - UAF - OperationalInformation |
Domain Asset |
A Domain Asset is the representation of any type of tangible or intangible resource, or its respective state, that is critical for comprehending an enterprise, including its data, resources, and activities. Similar to any Information Asset, a Domain Asset can be classified into three categories: 1) Conceptual Entitys denote entities that can change over time. 2) Event Concepts embody the temporal boundaries associated with Conceptual Entitys. 3) Concept Propertys represent immutable characteristics of Conceptual Entitys. References: OMG - BACM - Business Object OMG - UAF - OperationalInformation Russell Ackoff - Choice & Communication - Concept |
OperationalPerformer |
A logical entity that IsCapableToPerform OperationalActivities which produce, consume and process Resources. References: OMG - UAF - OperationalPerformer |
Business Function |
A Business Function is a Mezzo unit within the enterprise's functional division of labor. It is used to shape the enterprise management structure in regard to how it produces, consumes or processes Business Outcome Events: information, energy, materiel. A Business Function specifies Skills and Functionality(ies) required to perform their activities effectively. References: Christensen Institute - Modularity OMG - UAF - OperationalPerformer OpenGroup - TOGAF - Definition - Business Function OpenGroup - TOGAF 9 - Definition - Business Function Russell Ackoff - System of concepts - FunctionalDivisionOfLabor |
Requirement |
In the context of Security & Risk Management, Requirement is implemented as policies in SysFEAT. |
Policy Asset |
A Policy Asset is any topic related to policy definitions. It ranges from the different kinds of Directives (Business Policy, Architecture principle, Behavioral Rule, etc.), to classification of policies (Policy Category) up to an entire set of policies (Policy Framework). |
Resource Performer |
An abstract grouping of elements that can perform Functions. References: OMG - UAF - ResourcePerformer |
Business Agent |
A Business Agent is a Resource Agent which produces and reacts to Business Outcome Events of the enterprise. A Business Agent can be a Human Resource (Organizational Position or Department Type), a Business System (Business Software System or Concrete Hardware System) or a Capability Configuration (an assembly of Org-Units and Business Systems). References: OMG - UAF - ResourcePerformer OpenGroup - TOGAF - Definition - Business System |
ResourceArchitecture |
A type used to denote a model of the Architecture, described from the ResourcePerformer perspective. References: OMG - UAF - ResourceArchitecture |
System of System Environment |
A System of System Environment is an operating context which defines the interactions (Business Service Channel) of a System of Systems with its partners (Partner Resource Architecture). References: OMG - UAF - ResourceArchitecture |
ResourceInformation |
A formalized representation of information that is managed by or exchanged between systems. References: OMG - UAF - ResourceInformation |
Data Asset |
A Data Asset represents the abstract structure of any kind of data that can be processed and memorized by a Business Software System. A Data Asset is either a Data Entity or a Data Property. Only Data Entitys can have identity and states. Data Propertys only handle raw data. Data Assets are managed in Data Catalogs. References: NIST - Data Asset UCF Glossary - Data UCF Glossary - Data Element |
ResourcePerformer |
Business Agent |
A Business Agent is a Resource Agent which produces and reacts to Business Outcome Events of the enterprise. A Business Agent can be a Human Resource (Organizational Position or Department Type), a Business System (Business Software System or Concrete Hardware System) or a Capability Configuration (an assembly of Org-Units and Business Systems). References: OMG - UAF - ResourcePerformer OpenGroup - TOGAF - Definition - Business System |
|
Risk |
A type that represents a situation involving exposure to danger of AffectableElements (e.g. Assets, Processes, Capabilities, Opportunities, or Enterprise Goals) where the effects of such exposure can be characterized in terms of the likelihood of occurrence of a given threat and the potential adverse consequences of that threat's occurrence. References: OMG - UAF - Risk |
Operational Risk Type |
An Operational Risk Type is a kind of Risk Type that refers to the potential for loss due to the enterprise's inadequate functioning. An Operational Risk Type is either a Compliance Risk Type or an Operating Risk Type. |
SecurityControl |
The management, operational, and technical control (i.e., safeguard or countermeasure) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information [NIST SP 800-53]. References: NIST - Glossary - Security Control OMG - UAF - SecurityControl |
||
SecurityControlFamily |
An element that organizes security controls into a family. Each Security Control Family contains security controls related to the general security topic of the family. References: OMG - UAF - SecurityControlFamily |
Security Control Family |
|
Service |
A mechanism to enable access to one or more capabilities, where the access is provided using a prescribed service interface and is exercised consistent with service constraints and policies. References: OMG - UAF - Service |
Service is not directly represented in SysFEAT. Rationale: |
|
StrategicAsset |
An abstract element that indicates the types of strategic elements that can be affected by Risk. References: OMG - UAF - StrategicAsset |
StrategicAsset is not directly represented in SysFEAT. Rationale: |
|
StrategicInformation |
Knowledge communicated or received concerning a particular fact or circumstance that is strategic in nature that is important or essential in relation to a plan of action. References: OMG - UAF - StrategicInformation |
StrategicInformation is not directly represented in SysFEAT. Rationale: |
|
ValueItem |
An ideal, custom, or institution that an enterprise promotes or agrees with. It may be positive or negative, depending on point of view. References: OMG - UAF - ValueItem |
ValueItem is not directly represented in SysFEAT. Rationale: |
| Framework reference | SysFEAT Description |
|---|---|
NIST - Glossary - Security Control |
The management, operational, and technical control (i.e., safeguard or countermeasure) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information [NIST SP 800-53]. |
OMG - UAF - Asset |
An abstract element that indicates the types of elements that can be affected by Risk. Asset as applied to Security views is an abstract element that indicates the types of elements that can be considered as a subject for security analysis.
Functional Asset: Functional Assets encompass all Architecture Asset Types used to describe why and how systems operate/function. This includes the Operating Eco-System where the system operates to fulfill these purposes (Agents and their Behaviors). Functional Assets include: 1. Blocks defining results of Behaviors of the enterprise or its sub-systems that benefit its internal or external customers: Outcome Event. 2. Blocks used to describe information: Information Asset. 3. Blocks used to describe how the enterprise operates: Operating Assets (Agent, Behavior, Service Interface). |
OMG - UAF - EnhancedSecurityControl |
Statement of security capability to: (i) build in additional, but related, functionality to a basic control; and/or (ii) increase the strength of a basic control. |
OMG - UAF - Mitigates |
A tuple relating a Security Control to a Risk. Mitigation is established to manage risk and could be represented as an overall strategy or through techniques (mitigation configurations) and procedures (SecurityProcesses). |
OMG - UAF - OperationalAgent |
Conceptual Agent: A Conceptual Agent is an abstract type of Agent that depicts a functional division of labor within an enterprise, influencing the formation of its business operating model. The concrete specializations of Conceptual Agent follow the systemic level pattern and come in the form of Operating Domain (a Macro Conceptual Agent) and Business Function (a Mezzo Conceptual Agent). An abstract type grouping OperationalArchitecture and OperationalPerformer. |
OMG - UAF - OperationalArchitecture |
Conceptual Environment: A Conceptual Environment is an operating context which defines the interactions (Business Interaction) of an Operating Domain with its partners (Customers). A type used to denote a model of the Architecture, described from the Operational perspective. |
OMG - UAF - OperationalAsset |
Conceptual Operating Asset: A Conceptual Operating Asset is an Operating Asset used to describe the Conceptual Operating Model of the enterprise. It includes Value Streams, Operating Domains and Business Functions and the way they contribute to the delivery of Business Outcome Events. An abstract element used to group the elements of OperationalAgent and OperationalInformation allowing them to own OperationalInformationRoles. |
OMG - UAF - OperationalInformation |
Concept: A Concept is the representation of any tangible or intangible entity that is of interest to understand the enterprise, its data, resources and activities. A Concept is defined through its essential characteristics which can be: 1) A Concept Property that represents an immutable factual characteristic such as "name", "amount". 2) A Concept Relationship that represents relationships to other Concepts.
Concept Property: A Concept Property is an immutable factual characteristic of a Conceptual Entity. Example: names, amounts, etc.
Domain Asset: A Domain Asset is the representation of any type of tangible or intangible resource, or its respective state, that is critical for comprehending an enterprise, including its data, resources, and activities. Similar to any Information Asset, a Domain Asset can be classified into three categories: 1) Conceptual Entitys denote entities that can change over time. 2) Event Concepts embody the temporal boundaries associated with Conceptual Entitys. 3) Concept Propertys represent immutable characteristics of Conceptual Entitys. An item of information that flows between OperationalPerformers and is produced and consumed by the OperationalActivities that the OperationalPerformers are capable to perform (see IsCapableToPerform). |
OMG - UAF - OperationalPerformer |
Business Function: A Business Function is a Mezzo unit within the enterprise's functional division of labor. It is used to shape the enterprise management structure in regard to how it produces, consumes or processes Business Outcome Events: information, energy, materiel. A Business Function specifies Skills and Functionality(ies) required to perform their activities effectively.
Operating Domain: An Operating Domain is a Macro functional division of labor within an enterprise, acting as a Conceptual Agent. It embodies a collection of interrelated Business Functions which collaboratively provide one or more Business Capability(ies). Operating Domains serve as the highest hierarchical grouping of Business Functions within the enterprise's Conceptual Environment. A logical entity that IsCapableToPerform OperationalActivities which produce, consume and process Resources. |
OMG - UAF - ResourceArchitecture |
A type used to denote a model of the Architecture, described from the ResourcePerformer perspective.
System of System Environment: A System of System Environment is an operating context which defines the interactions (Business Service Channel) of a System of Systems with its partners (Partner Resource Architecture). |
OMG - UAF - ResourceAsset |
An abstract element used to group the elements of ResourcePerformer and ResourceInformation allowing them to own ResourceInformationRoles. |
OMG - UAF - ResourceInformation |
Logical Data Entity: A Logical Data Entity is a logical structure of a Data Entity. As any Data Entity, it has an independent existence and can be uniquely identified. A Logical Data Entity is characterized by Logical Relationships it has with other Logical Data Entity(ies) and by its Attributes. A formalized representation of information that is managed by or exchanged between systems. A formalized logical representation of information that is managed by or exchanged between systems. A formalized physical representation of information that is managed by or exchanged between systems. |
OMG - UAF - ResourcePerformer |
An abstract grouping of elements that can perform Functions.
Business Agent: A Business Agent is a Resource Agent which produces and reacts to Business Outcome Events of the enterprise. A Business Agent can be a Human Resource (Organizational Position or Department Type), a Business System (Business Software System or Concrete Hardware System) or a Capability Configuration (an assembly of Org-Units and Business Systems). |
OMG - UAF - Risk |
A type that represents a situation involving exposure to danger of AffectableElements (e.g. Assets, Processes, Capabilities, Opportunities, or Enterprise Goals) where the effects of such exposure can be characterized in terms of the likelihood of occurrence of a given threat and the potential adverse consequences of that threat's occurrence. |
OMG - UAF - SecurityControl |
The management, operational, and technical control (i.e., safeguard or countermeasure) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information [NIST SP 800-53]. |
OMG - UAF - SecurityControlFamily |
An element that organizes security controls into a family. Each Security Control Family contains security controls related to the general security topic of the family. |
OMG - UAF - Service |
A mechanism to enable access to one or more capabilities, where the access is provided using a prescribed service interface and is exercised consistent with service constraints and policies. |
OMG - UAF - StrategicAsset |
An abstract element that indicates the types of strategic elements that can be affected by Risk. |
OMG - UAF - StrategicInformation |
Knowledge communicated or received concerning a particular fact or circumstance that is strategic in nature that is important or essential in relation to a plan of action. |
OMG - UAF - ValueItem |
An ideal, custom, or institution that an enterprise promotes or agrees with. It may be positive or negative, depending on point of view. |
OMG - UAF - Enhances |
A tuple relating the EnhancedSecurityControl to a SecurityControl. |