

The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net


  • Defense128:

    Name: timeliness principle (GASSP)

    Complexity: Due to the interconnected and transborder nature of information systems and the potential for damage to systems to occur rapidly, organizations may need to act together swiftly to meet challenges to the security of information systems. In addition, international and many national bodies require organizations to respond in a timely manner to requests by individuals for corrections of privacy data. This principle recognizes the need for the public and private sectors to establish mechanisms and procedures for rapid and effective incident reporting, handling, and response. This principle also recognizes the need for information security principles to use current, certifiable threat and vulnerability information when making risk decisions, and current certifiable safeguard implementation and availability information when making risk reduction decisions. For example, an information system may also have a requirement for rapid and effective incident reporting, handling, and response. In an information system, this may take the form of time limits for reset and recovery after a failure or disaster. Each component of a continuity plan, continuity of operations plan, and disaster recovery plan should have timeliness as a criterion. These criteria should include provisions for the impact the event (e.g., disaster) may have on resource availability and the ability to respond in a timely manner.

    Related Database Material

    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlLegal - Relates to Legal]
    [ManAlPhysical - Relates to Physical]
    [ManAlOrganization - Relates to Organization]
    [Attack14 - testing]
    [Attack19 - protection missetting exploitation]
    [Attack23 - infrastructure interference]
    [Attack28 - sympathetic vibration]
    [Attack43 - emergency procedure exploitation]
    [Attack44 - desynchronization and time-based attacks]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack75 - selected plaintext]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack91 - combinations and sequences]
    [Attack92 - kiting]
    [Attack93 - salami attacks]
    [Attack94 - repudiation]