Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Defense129:

    Name:democracy principle (GASSP)

    Complexity: It is important that the security of information systems is compatible with the legitimate use and flow of data and information in the context of the host society. It is appropriate that the nature and amount of data that can be collected is balanced by the nature and amount of data that should be collected. It is also important that the accuracy of collected data is assured in accordance with the amount of damage that may occur due to its corruption. For example, individuals' privacy should be protected against the power of computer matching. Public and private information should be explicitly identified. Organization policy on monitoring information systems should be documented to limit organizational liability, to reduce potential for abuse, and to permit prosecution when abuse is detected. The monitoring of information and individuals should be performed within a system of internal controls to prevent abuse. Note: The authority for the following candidate principles has not been established by committee consensus, nor are they derived from the OECD principles. These principles are submitted for consideration as additional pervasive principles.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRIntegrity - Relates to Integrity]
    [PDRTheoretical - Relates to Theoretical]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlOrganization - Relates to Organization]