R representation Clause Samples

R representation. Figure 29 shows an R fragment used to trigger a proposal for implementing mitigation M1. Figure 29 R fragment for triggering a mitigation proposal This is done by assigning M1 a Boolean value, i.e. either TRUE or FALSE. If the value is TRUE, it means that the system should propose M1 as a mitigation option (possibly one among many). As also stated in Section 7.5.2, this should only be done if the following holds: 1) At least one risk that M1 has the potential to reduce is sufficiently high to warrant the proposal, and 2) the contribution to this risk from the branch to which M1 is attached is sufficiently high that a reduction of this contribution can significantly reduce the risk level. According to Figure 22, the only risk that M1 has the potential to reduce is the risk of incident U1 harming asset A1. In the script fragment of Figure 29, the risk level of this risk is represented by R1, which is an interval. The script fragment consists of a single if-then-else statement, where the first conjunct of the conditional corresponds to condition 1) above, and the second conjunct corresponds to condition 2). Notice that the 'sufficiently high' criterion is captured by the thresholds K1 and K2, as explained by the comments in the script fragment. To ensure a precautionary approach, these thresholds are compared to the worst case (maximum) elements of the interval sets.

R representation. Figure 28 shows an example of assignment of conditional likelihood to a 'leads-to' relation based on indicators. Figure 28 R fragment for assignment of conditional likelihood based on indicators The example is similar to the one for assignment of likelihood to a node in Section 8.3.2, and the assumption made for the indicators there apply also here. Typically, the indicators attached to a 'leads-to' relation will relate to the presence and/or severity of vulnerabilities on the relation. The main difference between the script fragments in Figure 27 and Figure 28 is that the latter assigns a probability interval rather than a frequency interval; hence, all numbers are between 0 and 1. Regarding the difficulty of providing general guidelines and the importance of the validation, the same considerations as expressed in Section 8.3.2 apply also when assigning a conditional likelihood on a 'leads-to' relation.

R representation. The risk level is determined by the likelihood of the incident in question and its consequence for the relevant asset. We assume that the consequence value, as well as the likelihood, is given as an interval. A common and simple way of defining the risk level function is to multiply the likelihood with the consequence. Figure 25 shows a fragment of an R script for doing this. Figure 25 R fragment representing a simple risk level calculation

R representation. The Chapter recognizes its responsibility as ba represent all employees in the bargaining untietr. , wheth Wherever the male gender is used in this Agreement, i males and females equally.

R representation. Figure 27 shows an example of likelihood assignment to a node based on indicators. Figure 27 R fragment for assignment of node likelihood based on indicators Two indicators are used in this example: I1 and I2. Both are Boolean and defined such that TRUE indicates a higher likelihood of the threat scenario than FALSE. Therefore, the highest likelihood is assigned to the node S1 if both indicators are TRUE, and the lowest if they are both false. Due to the wide range of potential threat scenarios and indicators, it is very hard to give general advice on how to define the node likelihood from a set of attached indicators. We therefore recommend that such issues receive a bit of extra attention in the validation of the algorithm.