Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense126:

    Name:multidisciplinary principle (GASSP)

    Complexity: Security is achieved by the combined efforts of data owners, custodians, and security personnel. Essential properties of security cannot be built-in and preserved without other disciplines such as configuration management and quality assurance. Decisions made with due consideration of all relevant viewpoints will be better decisions and receive better acceptance. If all perspectives are represented when employing the least privilege concept, the potential for accidental exclusion of a needed capability will be reduced. This principle also acknowledges that information systems are used for different purposes. Consequently, the principles will be interpreted over a wide range of potential implementations. Groups will have differing perspectives, differing requirements, and differing resources to be consulted and combined to produce an optimal level of security for their information systems.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlAwareness - Relates to Awareness]
    [ManAlOrganization - Relates to Organization]
    [Attack23 - infrastructure interference]
    [Attack29 - cascade failures]
    [Attack39 - modeling mismatches]
    [Attack82 - dependency analysis and exploitation]
    [Attack91 - combinations and sequences]