Suggestion: Add InfoSec Terms to concerns #46
Description
From "Herron, Mark F" [email protected]:
I would suggest adding to the central “concerns” row of circles in the diagrams, the formal InfoSec impact term it relates to. For instance, instead of just a circle with “Inaccessible or lost data,” instead add the label: (availability). Likewise for integrity and confidentiality. So that middle row of concerns could be:
Inaccessible or lost data (Availability) : Corrupted data (Integrity) : Exposed data (Confidentiality)
This would act as a small crosswalk or cross-reference to every other Infosec framework already out there (and act as term awareness for the PIs, who have to interact with us and our jargon. :-) ). You could even add a little set of OCTAVE-type threat trees that PIs (and their institutional Risk Management offices) can walk though - that might be handy.