Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Defense131:

    Name:adversary principle (GASSP)

    Complexity: Natural hazards may strike all susceptible assets. Adversaries will threaten systems according to their own objectives. Information security professionals, by anticipating the objectives of potential adversaries and defending against those objectives, will be more successful in preserving the integrity of information. It is also the basis for the practice of assuming that any system or interface that is not controlled is assumed to have been compromised.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRReact - Relates to React]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlLegal - Relates to Legal]
    [ManAlPhysical - Relates to Physical]
    [Attack17 - dumpster diving]
    [Attack18 - fictitious people]
    [Attack20 - resource availability manipulation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack23 - infrastructure interference]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack30 - bribes and extortion]
    [Attack31 - get a job]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack38 - device access exploitation]
    [Attack41 - implied trust exploitation]
    [Attack43 - emergency procedure exploitation]
    [Attack47 - viruses]
    [Attack49 - van Eck bugging]
    [Attack50 - electronic interference]
    [Attack52 - audio/video viewing]
    [Attack53 - repair-replace-remove information]
    [Attack56 - data aggregation]
    [Attack58 - content-based attacks]
    [Attack65 - residual data gathering]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack71 - false updates]
    [Attack73 - distributed coordinated attacks]
    [Attack74 - man-in-the-middle]
    [Attack76 - replay attacks]
    [Attack77 - cryptanalysis]
    [Attack78 - breaking key management systems]
    [Attack80 - error insertion and analysis]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack84 - below-threshold attacks]
    [Attack85 - peer relationship exploitation]
    [Attack88 - collaborative misuse]
    [Attack89 - race conditions]
    [Attack90 - strategic or tactical deceptions]
    [Attack91 - combinations and sequences]
    [Attack94 - repudiation]