Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense57:

    Name:change management

    Complexity: Proper change control demands that, in the production system, no programming capability be available. The verification of the propriety of changes is complex and, in general, may be comparable to proof of program correctness which is well known to be at least NP-complete.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDetect - Relates to Detect]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlAwareness - Relates to Awareness]
    [ManAlTraining - Relates to Training]
    [ManAlEducation - Relates to Education]
    [ManAlOrganization - Relates to Organization]
    [Attack1 - errors and omissions]
    [Attack7 - solar flares]
    [Attack10 - static]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack23 - infrastructure interference]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack40 - simultaneous access exploitations]
    [Attack44 - desychronization and time-based attacks]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack67 - error-induced mis-operation]
    [Attack71 - false updates]
    [Attack78 - breaking key management systems]
    [Attack79 - covert channels]
    [Attack82 - dependency analysis and exploitation]
    [Attack90 - strategic or tactical deceptions]