Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Attack39:

    Name:modeling mismatches

    Complexity: There is some theory about the adequacy of modeling, however, there is no general theory that addresses the protection-related issues of modeling flaws. This appears to be a very complex issue.
    fc@red.a.net

    Related Database Material

    [TBVStorage - Relates to Storage]
    [TBVProcessing - Relates to Processing]
    [TBVTransmission - Relates to Transmission]
    [TBVAccidental - Relates to Accidental]
    [TBVLeakage - Relates to Leakage]
    [TBVmasQuerade - Relates to masQuerade]
    [TBVDenial - Relates to Denial]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat23 - drug cartels]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense62 - analysis of physical characteristics]
    [Defense32 - anomaly detection]
    [Defense88 - authenticated information]
    [Defense35 - awareness of implications]
    [Defense91 - conservative resource allocation]
    [Defense96 - content checking]
    [Defense132 - continuity principle (GASSP)]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense76 - effective protection mind-set]
    [Defense6 - feeding false information]
    [Defense14 - human intervention after detection]
    [Defense136 - insurance]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense59 - lockouts]
    [Defense107 - minimizing copies of sensitive information]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense133 - simplicity principle (GASSP)]
    [Defense52 - testing]