ETSI - TS 102 165-1
Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis
|Publication Date:||1 March 2011|
The present document defines a method for use by ETSI standards developers in undertaking an analysis of the threats, risks and vulnerabilities of a telecommunications system.
The method builds from the Common Criteria for security assurance and evaluation defined in ISO/IEC 15408  and specifically targets the means to build a Threat Vulnerability and Risk Analysis (TVRA) to allow its reference by an ETSI specification developed using the guidelines given in EG 202 387 [i.1] and ES 202 382 . The TVRA forms part of the documentation set for the Target Of Evaluation as specified in ES 202 382  with its intended audience being a developer of standards based Protection Profiles.
The Unified Modelling Language (UML) is used to model relationships within systems for analysis within the TVRA as a semi-formal tool with verification and simulation capabilities deployed during development.
NOTE: This is in accordance with the goals of the eEurope project under objective Good practices (COM(2002) 263 page 18) [i.8].
The present document provides a database definition for TVRA and provides, in annexes, the application of the TVRA method to a number of NGN subsystems or components. The database definition is appended to the present document as a text file containing Structured Query Language (SQL) database definition commands.