Focused On Your Success


The All.Net Security Database

Awareness Cross Reference
Awareness Cross Reference

Things that are part of an awareness program in that they help make or keep people aware - as opposed to things that people should be aware of - which is a far longer list.

People are far more effective in playing their part in information protection when they are kept aware of what their part is. Awareness programs are used to provide assurance that awareness is kept up-to-date. [Drill-Down] [Drill-Down]

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental
    • [Defense35 - awareness of implications]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense49 - classifying information as to sensitivity]
    [Defense120 - clear line of responsibility for protection]
    [Defense123 - compliance with laws and regulations]
    [Defense94 - concealed services]
    [Defense118 - document and information control procedures]
    [Defense50 - dynamic password change control]
    [Defense76 - effective protection mind-set]
    [Defense6 - feeding false information]
    [Defense39 - good hiring practices]
    [Defense44 - hard-to-guess passwords]
    [Defense119 - individual accountability for all assets and actions]
    [Defense90 - infrastructure-wide digging hotlines]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense130 - internal control principle (GASSP)]
    [Defense79 - inventory control]
    [Defense124 - legal agreements]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense25 - policies]
    [Defense122 - protection of names of resources]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense80 - secure distribution]
    [Defense48 - security marking and/or labeling]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense52 - testing]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]