# Copyright Oughtibridge Ltd digraph "Package_Risk management" { fontname="Cambria" # label="Risk management" layout="neato" size="8.8 12" # Keep within 8.8" wide, 12" deep sep=0.3 outputmode=edgefirst remincross=true splines=curved overlap=false node [shape=box style=rounded] # Defines the common node specification # Diagram specific parameters - override any above splines=curved sep=0.5 overlap=false # Start of the main graph # List of concepts #assurance case 4 [label="assurance case" fontname="Cambria" URL="https://81001.org/concept/assurance_case" tooltip="reasoned, auditable artefact created that supports the contention that its top-level claim (or set of claims), is satisfied, including systematic argumentation and its underlying evidence and explicit assumptions that support the claim(s)" color="#a7ff00"] #event 13 [label="event" fontname="Cambria" URL="https://81001.org/concept/event" tooltip="occurrence or change of a particular set of circumstances" color="#a7ff00"] #exploit 15 [label="exploit" fontname="Cambria" URL="https://81001.org/concept/exploit" tooltip="defined way to breach the security of information systems through vulnerability" color="#a7ff00"] #exposure 16 [label="exposure" fontname="Cambria" URL="https://81001.org/concept/exposure" tooltip="extent to which an organization and/or stakeholder is subject to an event" color="#a7ff00"] #harm 17 [label="harm" fontname="Cambria" URL="https://81001.org/concept/harm" tooltip="injury or damage to the health of people, or damage to property or the environment" color="#a7ff00"] #hazard 18 [label="hazard" fontname="Cambria" URL="https://81001.org/concept/hazard" tooltip="potential source of harm" color="#a7ff00"] #hazardous situation 19 [label="hazardous situation" fontname="Cambria" URL="https://81001.org/concept/hazardous_situation" tooltip="circumstance in which people, property or the environment is/are exposed to one or more hazards" color="#a7ff00"] #residual risk 43 [label="residual risk" fontname="Cambria" URL="https://81001.org/concept/residual_risk" tooltip="risk remaining after risk control measures have been implemented" color="#a7ff00"] #risk 45 [label="risk" fontname="Cambria" URL="https://81001.org/concept/risk" tooltip="combination of the probability of occurrence of harm and the severity of that harm" color="#a7ff00"] #risk analysis 46 [label="risk analysis" fontname="Cambria" URL="https://81001.org/concept/risk_analysis" tooltip="systematic use of available information to identify hazards and to estimate the risk" color="#a7ff00"] #risk assessment 47 [label="risk assessment" fontname="Cambria" URL="https://81001.org/concept/risk_assessment" tooltip="overall process comprising a risk analysis and a risk evaluation" color="#a7ff00"] #risk control 48 [label="risk control" fontname="Cambria" URL="https://81001.org/concept/risk_control" tooltip="process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels" color="#a7ff00"] #risk management 51 [label="risk management" fontname="Cambria" URL="https://81001.org/concept/risk_management" tooltip="systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk" color="#a7ff00"] #risk management file 52 [label="risk management file" fontname="Cambria" URL="https://81001.org/concept/risk_management_file" tooltip="set of records and other documents that are produced by risk management" color="#a7ff00"] #risk tolerance 53 [label="risk tolerance" fontname="Cambria" URL="https://81001.org/concept/risk_tolerance" tooltip="organization's or stakeholder's readiness to bear the risk after risk control in order to achieve its objectives" color="#a7ff00"] #root cause 54 [label="root cause" fontname="Cambria" URL="https://81001.org/concept/root_cause" tooltip="set of conditions or actions that occur at the beginning of a sequence of events that result in the initiation of a failure mode" color="#a7ff00"] #severity 58 [label="severity" fontname="Cambria" URL="https://81001.org/concept/severity" tooltip="measure of the possible consequences of a hazard" color="#a7ff00"] #threat 62 [label="threat" fontname="Cambria" URL="https://81001.org/concept/threat" tooltip="potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm" color="#a7ff00"] #vulnerability 67 [label="vulnerability" fontname="Cambria" URL="https://81001.org/concept/vulnerability" tooltip="flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy" color="#a7ff00"] #weakness 68 [label="weakness" fontname="Cambria" URL="https://81001.org/concept/weakness" tooltip="kind of deficiency." color="#a7ff00"] #process 39 [label="process" fontname="Cambria" URL="https://81001.org/concept/process" tooltip="set of interrelated or interacting activities that use inputs to deliver an intended result" color="#a74d00"] #safety 55 [label="safety" fontname="Cambria" URL="https://81001.org/concept/safety" tooltip="freedom from unacceptable risk" color="#a74d00"] #key properties 32 [label="key properties" fontname="Cambria" URL="https://81001.org/concept/key_property" tooltip="three risk management characteristics of safety, effectiveness, and security" color="#a74d00"] #reasonably foreseeable misuse 76 [label="reasonably foreseeable misuse" fontname="Cambria" URL="https://81001.org/concept/reasonably_foreseeable_misuse" tooltip="use of a product or system in a way not intended by the manufacturer, but which can result from readily predictable human behaviour" color="#a7ff00"] #risk estimation 77 [label="risk estimation" fontname="Cambria" URL="https://81001.org/concept/risk_estimation" tooltip="process used to assign values to the probability of occurrence of harm and the severity of that harm" color="#a7ff00"] #risk evaluation 78 [label="risk evaluation" fontname="Cambria" URL="https://81001.org/concept/risk_evaluation" tooltip="process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk" color="#a7ff00"] #List of generalisations and specialisations #safety IS A key properties 32 -> 55 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="safety is a type of key properties" fontname="Cambria"] #risk management IS A process 39 -> 51 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="risk management is a type of process" fontname="Cambria"] #risk estimation IS A risk management 51 -> 77 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="risk estimation is a type of risk management" fontname="Cambria"] #risk evaluation IS A risk management 51 -> 78 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="risk evaluation is a type of risk management" fontname="Cambria"] #risk analysis IS A risk management 51 -> 46 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="risk analysis is a type of risk management" fontname="Cambria"] #risk control IS A risk management 51 -> 48 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="risk control is a type of risk management" fontname="Cambria"] #vulnerability IS A weakness 68 -> 67 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="vulnerability is a type of weakness" fontname="Cambria"] #reasonably foreseeable misuse IS A weakness 68 -> 76 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="reasonably foreseeable misuse is a type of weakness" fontname="Cambria"] # List of associations #0..* exploit take advantage of 1..* vulnerability 15 -> 67 [constraint=false, dir="forward" label="take advantage of" fontname="Cambria"] #0..* hazardous situation reveal 1..* hazard 19 -> 18 [constraint=false, dir="forward" label="reveal" fontname="Cambria"] #0..* hazard source of 1..* harm 18 -> 17 [constraint=false, dir="forward" label="source of" fontname="Cambria"] #0..* residual risk is within 1..* risk tolerance 43 -> 53 [constraint=false, dir="forward" label="is within" fontname="Cambria"] #1 risk analysis estimates 1 risk 46 -> 45 [constraint=false, dir="forward" label="estimates" fontname="Cambria"] #1 risk analysis identifies 0..* hazard 46 -> 18 [constraint=false, dir="forward" label="identifies" fontname="Cambria"] #1 risk assessment has part 1 risk analysis 47 -> 46 [constraint=false, dir="forward" label="has part" fontname="Cambria"] #0..* risk management monitors 0..* risk 51 -> 45 [constraint=false, dir="forward" label="monitors" fontname="Cambria"] #0..* risk management recorded in 0..* risk management file 51 -> 52 [constraint=false, dir="forward" label="recorded in" fontname="Cambria"] #1..* risk tolerance determines acceptabiltity of 0..* risk 53 -> 45 [constraint=false, dir="forward" label="determines acceptabiltity of" fontname="Cambria"] #1 safety freedom from unacceptable 0..* risk 55 -> 45 [constraint=false, dir="forward" label="freedom from unacceptable" fontname="Cambria"] #1 threat cause 0..* harm 62 -> 17 [constraint=false, dir="forward" label="cause" fontname="Cambria"] #0..* threat exploit 0..* vulnerability 62 -> 67 [constraint=false, dir="forward" label="exploit" fontname="Cambria"] #0..* vulnerability lead to 0..* hazardous situation 67 -> 19 [constraint=false, dir="forward" label="lead to" fontname="Cambria"] #0..* event has 1..* root cause 13 -> 54 [constraint=false, dir="forward" label="has" fontname="Cambria"] #0..* event occurs in 1 hazardous situation 13 -> 19 [constraint=false, dir="forward" label="occurs in" fontname="Cambria"] #0..* risk management file provide evidence for 0..* assurance case 52 -> 4 [constraint=false, dir="forward" label="provide evidence for" fontname="Cambria"] #0..* severity quantifies impact of 0..* hazard 58 -> 18 [constraint=false, dir="forward" label="quantifies impact of" fontname="Cambria"] #0..* exposure quantifies likelihood of 1..* event 16 -> 13 [constraint=false, dir="forward" label="quantifies likelihood of" fontname="Cambria"] #1 event lead to 0..* harm 13 -> 17 [constraint=false, dir="forward" label="lead to" fontname="Cambria"] #1 risk control reduces 0..* risk 48 -> 45 [constraint=false, dir="forward" label="reduces" fontname="Cambria"] #0..* severity quantifies impact of 0..* harm 58 -> 17 [constraint=false, dir="forward" label="quantifies impact of" fontname="Cambria"] #1 risk control reduces likelihood of 0..* event 48 -> 13 [constraint=false, dir="forward" label="reduces likelihood of" fontname="Cambria"] #1 risk control reduces impact of 0..* harm 48 -> 17 [constraint=false, dir="forward" label="reduces impact of" fontname="Cambria"] #0..* risk tolerance specifies levels for 0..* risk control 53 -> 48 [constraint=false, dir="forward" label="specifies levels for" fontname="Cambria"] }

Some PS