The current tech/org measures are organised in a hierarchy that does not support analysis and tasks related to common frameworks such as the CIA model (Confidentiality, Integrity, Availability) - which are commonly used to assess/ensure measures. E.g. what are you doing to safeguard confidentiality? (select appropriate measures).
The DPV hierarchy should support these tasks by providing a categorisation or annotation of measures based on their use for CIA concepts. For this, the concepts can be expressed as being instances of ConfidentialityMeasure, IntegrityMeasure, and AvailabilityMeasure so that the existing hierarchy is preserved while also providing this usefulness.
The current tech/org measures are organised in a hierarchy that does not support analysis and tasks related to common frameworks such as the CIA model (Confidentiality, Integrity, Availability) - which are commonly used to assess/ensure measures. E.g. what are you doing to safeguard confidentiality? (select appropriate measures).
The DPV hierarchy should support these tasks by providing a categorisation or annotation of measures based on their use for CIA concepts. For this, the concepts can be expressed as being instances of
ConfidentialityMeasure
,IntegrityMeasure
, andAvailabilityMeasure
so that the existing hierarchy is preserved while also providing this usefulness.