Description
SecurityProperty is used to assign an aggregated security marking (from the SecurityAttributes enumerated list: ClassificationType) to designate this "aggregated" security classification. The inter-connectivity of different data sets may allow more sensitive connections to be made by association. Aggregation, accumulation and association of data (within ICT systems and on removable media) must be carefully considered as part of the risk management process as additional protective controls may or may not be appropriate. Aggregation does not automatically trigger an increase in protective marking. For instance, a database with thousands of records which are individually OFFICIAL should not be relabeled as a SECRET database. Instead, information owners are expected to make decisions about controls based on a risk assessment, and should consider what the aggregated information is, who needs to access it, and how.
Architecture Framework
UAF
Extension
UML Property