Example diagram Clause Samples
The "Example diagram" clause provides a visual representation to clarify the structure, process, or relationship described in the agreement. Typically, this clause includes a diagram or schematic that illustrates how certain elements of the contract interact, such as workflow steps, organizational hierarchies, or data flows. By offering a visual aid, the clause helps parties better understand complex provisions, reducing ambiguity and supporting clearer communication.
Example diagram. Figure 14 shows the addition of a mitigation in the diagram. This mitigation addresses the vulnerability concerning input validation. Implementing the mitigation can therefore be expected to reduce the conditional likelihood of the leads-to relation to which the vulnerability is attached, although likelihood values are not shown in the diagram.
Example diagram. Figure 6 shows the start of a CORAS diagram, where assets has been inserted on the right-hand side. Only a single asset is included, although there could have been more. If so, we would insert them above or below the one already there.
Example diagram. Figure 10 shows the addition of threat scenarios in the diagram. Initiates relations have also been added from the threat, as well as leads-to relations from one threat scenario to another. Both relation types are represented by an arrow with an open arrowhead. Notice that the square brackets are meant for likelihood assessments. As we are only concerned with identification of risk model elements and their relations here, these have been left empty.
Example diagram. Figure 9 illustrates the addition of threats on the left-hand side of the diagram. Again, the example includes a single threat, although more could have been added above or below.
Example diagram. Figure 12 shows the addition of incidents in the diagram. In this particular example, there is only a single incident. We have also added an incoming leads-to relation to the incident, as well as an In addition to connecting the incident to the rest of the model, we have also added another vulnerability on the incoming leads-to relation to the incident. This means that all leads-to relations have an attached vulnerability. Although this is not a requirement, it may be a good idea to support the identification of indicators in the next step.
Example diagram. Figure 11 shows the addition of indicators in the diagram. Two indicators have been added. The first is attached to a threat scenario, meaning that it will be used as input for assessing the likelihood of the threat scenario. The other is attached to a vulnerability attached to a leads-to relation, meaning that it will be used as input for assessing the conditional likelihood of the relation.
Example diagram. Figure 9 shows the addition of vulnerabilities in the diagram. In this example, vulnerabilities have only been attached to leads-to relations from threat scenarios, but they could also have been attached to initiates relations from a threat.