Issue 7814: suggest using the dependency relationship to model elements. (uml-qos-ft-ftf) Source: BAE SYSTEMS (Mr. Kevin Dockerill, kevin.dockerill@baesystems.com) Nature: Clarification Severity: Significant Summary: Risk Assessments can be defined for parts of the system. For example, a subsystem or component. However, the bias towards mis-use cases means that risks are only associated with assets and use cases. So, a more generic relationship should be defined (as stated in the comments above). I suggest using the dependency relationship to model elements. Resolution: Revised Text: Actions taken: September 30, 2004: received issue March 8, 2006: closed issue Discussion: Assets are the means for specifying what has value in the system and identification of assets will define the parts of the system that should be assessed. Without assets there is no need for risk assessment. Misuse cases are a means for high level modelling and representation of risks (threats and unwanted incidents). This does not mean that only use cases may be assessed, but that the results of an assessment is represented as misuse cases that, as with normal use cases, may be refined in other models. Disposition: Closed, no change End of Annotations:===== m: webmaster@omg.org Date: 30 Sep 2004 06:29:12 -0400 To: Subject: Issue/Bug Report -------------------------------------------------------------------------------- Name: Kevin Dockerill Company: BAE SYSTEMS, Warton, Lancs UK mailFrom: Kevin.dockerill@baesystems.com Notification: No Specification: UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms Section: fig 12.5 FormalNumber: Ptc/2004-06-01 Version: Draft RevisionDate: 7/21/2004 Page: 56 Nature: Clarification Severity: Significant HTTP User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Description Risk Assessments can be defined for parts of the system. For example, a subsystem or component. However, the bias towards mis-use cases means that risks are only associated with assets and use cases. So, a more generic relationship should be defined (as stated in the comments above). I suggest using the dependency relationship to model elements.