Business Context
The National Marine Fisheries Service issues permits to fishing industry individuals and corporations, and also to individual recreational fishers.
Permit Types
A wide range of permit types are issued. Some representative examples are:
Business Drivers
Fisheries are managed regionally, but many participants in the fishing industry are national or multinational in scope. Offering these participants a one-stop shop for permits would be a convenience to them. A one-stop shop would also facilitate maintenance of a single identifier for an industry participant who fishes or processes fish in multiple regions, and it would leverage efforts to improve data quality across regions.
Business Risk in the Permit Context
NIST 800-30: Risk Management Guide for Information Technology Systems defines risk as a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
Users and functionality
Transactions-data sensitivity and volume
Internal control processes
Threat and Vulnerability Identification
| Vulnerability | Threat-source | Intent/Situation | Method | Category of Harm | Likelihood | Impact |
|---|---|---|---|---|---|---|
| Impersonation | Perpetrator | Intentional misrepresentation with intent to defraud | | Inconvenience, distress or damage to standing or reputation | | |
| | | | | Financial loss or agency liability | | |
| | | | | Harm to agency programs or public interest | | |
| | | | | Unauthorized release of sensitive information | | |
| | | | | Civil or criminal violations | | |
| Repudiation | Perpetrator | Repudiation to escape accountability | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation | | |
| | | | | Financial loss or agency liability | | |
| | | | | Harm to agency programs or public interest | | |
| | | | | Unauthorized release of sensitive information | | |
| | | | | Civil or criminal violations | | |
| | | | | Inconvenience, distress or damage to standing or reputation | | |
| | | | | Financial loss or agency liability | | |
| | | | | Harm to agency programs or public interest | | |
| | | | | Unauthorized release of sensitive information | | |
| | | | | Civil or criminal violations | | |
| | | | | Inconvenience, distress or damage to standing or reputation | | |
| | | | | Financial loss or agency liability | | |
| | | | | Harm to agency programs or public interest | | |
| | | | | Unauthorized release of sensitive information | | |
| | | | | Civil or criminal violations | | |
| | | | | Inconvenience, distress or damage to standing or reputation | | |
| | | | | Financial loss or agency liability | | |
| | | | | Harm to agency programs or public interest | | |
| | | | | Unauthorized release of sensitive information | | |
| | | | | Civil or criminal violations | | |