Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense132:

    Name:continuity principle (GASSP)

    Complexity: Organizations' needs for continuity may reflect legal, regulatory, or financial obligations of the organization, organizational goodwill, or obligations to customers, board of directors, and owners. Understanding the organization's continuity requirements will guide information security professionals in developing the information security response to business interruption or disaster. The objectives(4) of this principle are to ensure the continued operation of the organization, to minimize recovery time in response to business interruption or disaster, and to fulfill relevant requirements. The continuity principle may be applied in three basic concepts: organizational recovery, continuity of operations, and end user contingent operations. Organizational recovery is invoked whenever a primary operation site is no longer capable of sustaining operations. Continuity of operations is invoked when operations can continue at the primary site but must respond to less than desirable circumstances (such as resource limitations, environmental hazards, or hardware or software failures). End user contingent operations are invoked in both organizational recovery and continuity of operations.
    fc@red.a.net

    Related Database Material

    [PDRAvailability - Relates to Availability]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlProcedures - Relates to Procedures]
    [Attack15 - inadequate maintenance]
    [Attack23 - infrastructure interference]
    [Attack29 - cascade failures]
    [Attack39 - modeling mismatches]
    [Attack44 - desychronization and time-based attacks]
    [Attack67 - error-induced mis-operation]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack91 - combinations and sequences]