Use case risk level example inconsistent with risk level determination recipe

Standard Version (see README.md for info): 2f339c83

Line Number: 1206

Clause/Subclause: 4.8.8 Use case selection

Paragraph/Figure/Table: Risk factor table

Comment:

For UC-L1 and UC-L2, the table concludes that risk level is LOW. However, according to 4.7.8.3 Risk level determination, their risk level must be MEDIUM.

For UC-M1, the table concludes risk level is MEDIUM. But according to 4.7.8.3 its risk level must be HIGH.

From 4.7.8.3:

"MEDIUM if ... Likelihood factors sum >= 8"

This means

• UC-L1: Likelihood sum is RF-ATK(1) + RF-NET(1) + RF-PHYS(3) + RF-PATCH(3) = 8. Because likelihood sum >= 8, risk level must be MEDIUM.
• UC-L2: Likelihood sum is RF-ATK(1) + RF-NET(3) + RF-PHYS(3) + RF-PATCH(1) = 8. Because likelihood sum >= 8, risk level must be MEDIUM.

Further, 4.7.8.3 says:

"HIGH if ... Impact factor >= 2 combined with any likelihood factor = 3"

UC-M1 has impact factor >= 2, because RF-SAFE(1) and RF-DATA(2) (assuming the max. impact from the two must be selected), while multiple likelihood factors are 3: RF-NET(3), RF-PHYS(3). Thus, both conditions for HIGH are true.

Proposed Changes:

Change table according to follow risk level recipe, or explain why the recipe is not followed.

Further, clarify recipe for HIGH: We have two impact factors RF-SAFE and RF-DATA, but 4.7.8.3 recipe is written as if there was only one. It's unclear if we should calculate an average impact factor, or if we should select the greater of the two.