| ISSRM domain model: concept group | ISSRM domain model: concept | KAOS extended to security: synonyms in [21] | KAOS extended to security: language concept (modeling construct) |
| --- | --- | --- | --- |
| Asset-related concepts | Asset | Asset | Goal, Requirement, Expectation, Operation, Object |
| | Business asset | | |
| | IS asset | | |
| | Security criteria | Security Goal | Goal |
| Risk-related concepts | Risk | / | / |
| | Impact | / | / |
| | Event | Threat Obstacle; anti-goal | Goal, Requirement, Expectation (in anti-model) |
| | Threat | | |
| | Vulnerability | Vulnerability, domain property | Domain property |
| | Threat agent | Attackers, malicious agent, anti-agent | Agent |
| | Attack method | Potential capabilities of the attacker | Operationalisation + Domain and required conditions + Operations |
| Risk treatment-related concepts | Risk treatment | Countermeasures | / |
| | Security requirements | Security goal, security requirement, security expectation | Goal, Requirement, Expectation |
| | Control | / | New model implementing security components. |