Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack43:

    Name:emergency procedure exploitation

    Complexity: In most cases, emergency procedures bypass many normal controls, and thus many attacks are granted during an emergency that would be far more difficult during normal operations. No complexity measure has been made of this phenomena to date.
    fc@red.a.net

    Related Database Material

    [TBVProcessing - Relates to Processing]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [TBVmasQuerade - Relates to masQuerade]
    [TBVDenial - Relates to Denial]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRTheoretical - Relates to Theoretical]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat9 - whistle blowers]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat18 - vandals]
    [Threat19 - activists]
    [Threat21 - deranged people]
    [Threat22 - organized crime]
    [Threat24 - terrorists]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat34 - paramilitary groups]
    [Threat35 - information warriors]
    [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense47 - authorization limitation]
    [Defense35 - awareness of implications]
    [Defense94 - concealed services]
    [Defense114 - control physical access]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense60 - drop boxes and processors]
    [Defense139 - environmental controls]
    [Defense21 - fault isolation]
    [Defense138 - filtering devices]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense59 - lockouts]
    [Defense82 - locks]
    [Defense107 - minimizing copies of sensitive information]
    [Defense31 - misuse detection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense28 - procedures]
    [Defense16 - redundancy]
    [Defense100 - retaining confidentiality of security status information]
    [Defense4 - sensors]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense103 - standby equipment]
    [Defense20 - temporary blindness]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]