Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense133:

    Name:simplicity principle (GASSP)

    Complexity: Simple safeguards can be thoroughly understood and tested. Vulnerabilities can be more easily detected. Small, simple safeguards are easier to protect than large, complex ones. It is easier to gain user acceptance of a small, simple safeguard than a large, complex safeguard.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRIntegrity - Relates to Integrity]
    [PDRTheoretical - Relates to Theoretical]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [ManAlAwareness - Relates to Awareness]
    [ManAlTraining - Relates to Training]
    [ManAlOrganization - Relates to Organization]
    [Attack13 - system maintenance]
    [Attack23 - infrastructure interference]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack40 - simultaneous access exploitations]
    [Attack45 - imperfect daemon exploits]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack91 - combinations and sequences]