<<<
Chronological Index
>>> <<<
Thread Index
>>>
[dssa] Definition of "Preexisting Condition" from the methdology
- To: DSSA WG <dssa@xxxxxxxxx>
- Subject: [dssa] Definition of "Preexisting Condition" from the methdology
- From: "Mike O'Connor" <mike@xxxxxxxxxx>
- Date: Thu, 5 Apr 2012 10:39:31 -0500
hi all,
i walked out of the meeting today with an action item to dig out the definition
of "Preexisting Condition" from the methodology. that action is actually part
of a much bigger action item to come up with a glossary of definitions for all
the terms in that sheet. here's the definition;
A predisposing condition is a condition that exists within an organization, a
mission or business process, enterprise architecture, information system, or
environment of operation, which affects (i.e., increases or decreases) the
likelihood that threat events, once initiated, result in adverse impacts to
organizational operations and assets, individuals, other organizations, or the
world.
Predisposing conditions include, for example, the location of a facility in a
hurricane- or flood-prone region (increasing the likelihood of exposure to
hurricanes or floods) or a stand-alone information system with no external
network connectivity (decreasing the likelihood of exposure to a network-based
cyber attack).
Vulnerabilities resulting from predisposing conditions that cannot be easily
corrected could include, for example, gaps in contingency plans or
weaknesses/deficiencies in information system backup and failover mechanisms.
In all cases, these types of vulnerabilities create a predisposition toward
threat events having adverse impacts on organizations. Vulnerabilities
(including those attributed to predisposing conditions) are part of the overall
security state of organizational information systems and environments of
operation which can affect the likelihood of a threat event’s occurrence.
at some point between now and Prague, we should take a look at all these
definitions and make sure they are right -- but i think for now the higher
priority is to flush out our first round of risk-scenarios and tidy up stuff
like this a little later.
mikey
- - - - - - - - -
phone 651-647-6109
fax 866-280-2356
web http://www.haven2.com
handle OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|