1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Introduction
7 Reference model of an ICT service system with risk identification
8 Functional components of risk identification subsystem
8.1 Risk-monitoring module
8.2 Risk repository module
8.3 Risk identification engine
9 Authentication subsystem
10 Alternative processing designs for risk identification engine
Annex A – Non-functional design considerations
A.1 Non-functional design criteria
A.2 Stability
A.3 Security
A.4 Flexibility
A.5 Ease of integration
A.6 Manageability
A.7 Auditability
Appendix I – Use case: Risk identification to optimize login authentication
Appendix II – A risk repository example for mobile payment system
Appendix III – A mathematical interpretation of a multi-tier processing design
Bibliography