[ISM3 Users] Tuesday Insight: IAML v1.0
Vicente Aceituno
vac at zenobia.es
Tue May 29 10:24:40 CEST 2007
Dear All,
The Information Assurance Markup Language v1.0 final is now available
for download at the consortium's website (www.ism3.com)
This language enables expressing all the security aspects of physical
and logical information assets (an environment, an application, a
database, a system, media, etc), including business, compliance and
technical objectives.
It has compatiblity attributes for
confidenciality-integrity-availability-privacy-criticality
classifications. (protectiveMarking, privacyMarking,
availabilityMarking, businesscontinuityMarking, integrityMarking)
It has links to access control, digital signatures and logs
(authorityList, accessRigthsList, rightsHolder, eventSet, eventType,
userIDType, timeZone, startDate, expiryDate, constituency,
securityHandling, handlingControl, handlingApplicability
It supports assets lifecycles (objectState,
classificationReviewDueDate, additionalMetadata)
It supports internal and external compliance, licensing, copyrights,
etc (objectLocation, policySet, policyType, policySubType)
It expresses availability objectives accurately (availabilityWindow
startFirstWindow, endFirstWindow, recurringPeriod, recurringCardinality,
minPercentageUptime, maxNumberOfInterruptions,,
maxNumberOfTransactionsLostPerInterruption, minLoad, loadUnits,
recoveryTimeObjective, recoveryPointObjective)
It expresses retention and expiration objectives accurately
(retentionTarget, itemType, retentionEvent, retentionEventDate,
minRetentionSinceRetentionEvent, maxPercentageOfItemsLost,
expirationTarget, expirationEvent, expirationEventDate,
maxRetentionSinceExpirationEvent)
It expresses quality objectives accurately (precisionTarget,
maxPercentageOfIncorrectItems, itemType, relevanceTarget, itemType,
maxPercentageOfOutDatedItems, averageRelevanceOfItems,
completenessTarget,
maxNumberOfUnnecessaryItems, maxPercentageOfEmptyItems,
maxPercentageOfMissingItems, maxPercentageOfIncoherentItems)
It expresses environmental conditions accurately (electricityTarget, cType i
upperCurrentLimit, lowerCurrentLimit, currentUnits, upperVoltage,
lowerVoltage, voltageUnits, temperatureTarget, upperLimit, lowerLimit,
temperatureUnits, humidityTarget, humidityUnits, lightTarget,
lightUnits,
radiationTarget, radiationUnits)
Probably the quickest gains from IAML is linking back items with their
compliance requirements and expresing availability in terms that are
meaningful for system design.
My best
Vicente
P.S, Please spread the word.
More information about the Users
mailing list