Part of the Defense.tex database ()

Focused On Your Success

The All.Net Security Database

Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism: Threat Profiles Attack Methods Defense Methods Process: Prevention Detection Reaction Impact: Integrity Availability Confidential Use Control	Other: Risk Management Database Description Domain: Physical Informational Systemic Sophistication: Theoretical Demonstrated Widespread	Perspectives: Management Policy Standards Procedures Documentation Audit Testing Technical Safeguards Personnel Incident Handling Legal Physical Awareness Training Education Organization
Brekne's Mechanistic: Input Output Storage Processing Transmission	Brekne's Causal: Accidental Malicious	Brekne's Method: Leakage Masquerade Denial Corruption Usage Mental

Defense121:

Name:program change logs

Changes in programs are accounted for in detail. Examples include automated change tracking systems, version control systems, and full-blown change control systems. Complexity: Change control is often too expensive to be justified and is commonly underestimated. Sound change control is hard to attain and approximately doubles the software costs of a system. [Cohen94-2]

fc@red.a.net

Related Database Material

[PDRDetect - Relates to Detect]
[PDRIntegrity - Relates to Integrity]
[PDRWidespread - Relates to Widespread]
[PLSLogical - Relates to Logical]
[ManAlProcedures - Relates to Procedures]
[ManAlDocumentation - Relates to Documentation]
[ManAlAudit - Relates to Audit]
[ManAlTesting - Relates to Testing]
[Attack12 - relocation]
[Attack13 - system maintenance]
[Attack14 - testing]
[Attack16 - Trojan horses]
[Attack19 - protection missetting exploitation]
[Attack23 - infrastructure interference]
[Attack27 - modification in transit]
[Attack31 - get a job]
[Attack34 - undocumented or unknown function exploitation]
[Attack51 - PBX bugging]
[Attack62 - call forwarding fakery]
[Attack64 - illegal value insertion]
[Attack71 - false updates]
[Attack90 - strategic or tactical deceptions]