To judge the impact of a threat and to estimate the risks for certain assets, it is important to know the stakeholders of the system under investigation. Stakeholders may have certain security objectives: formalized "statements of intent" to counter identified threats. The exact definition of potential objectives depends on the type of system under investigation. However, there are a number of accepted generic objectives defined by the HEAVENS project that are generally applicable and are therefore used as the default. Like security attributes, they can be customized in the project settings.
Stakeholders are part of the system model with dependencies to assets. Drag the stakeholder from the palette to a system model (structure or activity) diagram to create a new stakeholder. Assign an appropriate image to it if applicable.
Draw a standard dependency relation from the stakeholder to each asset on which the stakeholder has an objective.
Select the stakeholder on the diagram or in the browser and open the Properties View. Switch to the "Security" tab. There are controls to add or remove objectives from the list of defined objectives. Each stakeholder may define a maximum risk level that the stakeholder is willing to accept. The level is later used to make a decision on risk treatment.
You can drag an existing stakeholder to other diagrams to relate it to other assets.
An example:
An automotive OEM is planning to set up an OTA (Over The Air) cloud server to provide software updates. The server itself or the data and updates stored on the server are treated as assets.
The OEM itself is modeled as a stakeholder of the system, connected with the cloud server.
The stakeholder has "Financial", "Operational" and probably "Privacy and Legislation" objectives in this matter, and only accepts very "Low" risks on that server due to the strategic importance of the server.
During risk treatment, any threat against the server with a risk higher than "Low" is likely to be mitigated, rather than ignored or transferred.
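The decision rule from the example above, as an added sketch that is not part of the tool or its documentation. It assumes an ordered risk scale (this page only names "Low"), a hypothetical `impacts` attribute on threats, and constructed sample threats and a second asset name.

```python
from dataclasses import dataclass
from enum import IntEnum

class Risk(IntEnum):            # assumed ordered scale; the page only names "Low"
    QM = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

@dataclass(frozen=True)
class Stakeholder:
    name: str
    objectives: frozenset       # e.g. "Financial", "Operational"
    max_risk: Risk              # highest risk level the stakeholder accepts
    assets: frozenset           # dependency relations drawn to assets

@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    risk: Risk
    impacts: frozenset          # objectives the threat affects (assumed attribute)

def triage(threats, stakeholders):
    """Map each threat to (decision, stakeholders whose tolerance is exceeded)."""
    out = {}
    for t in threats:
        # A stakeholder is concerned if it depends on the asset and shares an objective.
        concerned = [s for s in stakeholders
                     if t.asset in s.assets and s.objectives & t.impacts]
        if not concerned:
            out[t.name] = ("unassigned", [])   # modelling gap: nobody to judge it
            continue
        exceeded = sorted(s.name for s in concerned if t.risk > s.max_risk)
        out[t.name] = ("mitigate", exceeded) if exceeded else ("within tolerance", [])
    return out

# Constructed sample model based on the OTA example
OEM = Stakeholder("OEM", frozenset({"Financial", "Operational", "Privacy and Legislation"}),
                  Risk.LOW, frozenset({"OTA cloud server"}))
THREATS = [
    Threat("Tampered update published", "OTA cloud server", Risk.HIGH, frozenset({"Financial", "Operational"})),
    Threat("Server unavailable briefly", "OTA cloud server", Risk.LOW, frozenset({"Operational"})),
    Threat("Update metadata disclosed", "Update package", Risk.MEDIUM, frozenset({"Privacy and Legislation"})),
]

if __name__ == "__main__":
    for name, (decision, who) in triage(THREATS, [OEM]).items():
        print(f"{name}: {decision} {who}")
```

The third threat comes back as "unassigned" because no dependency relation links the OEM to that asset, so the stakeholder's "Low" threshold is never applied to it.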
