The All.Net Security Database


Incident Handling Cross Reference


Things that are used in support of or should be part of incident handling.

When incidents occur, if they are detected, the organization's response results in the reassertion of control that was partially lost during the incident. A better response capability provides the means for regaining control more quickly and with less damage along the way.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods

Process:
  • Prevention
  • Detection
  • Reaction

Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control

Other:
  • Risk Management
  • Database Description

Domain:
  • Physical
  • Informational
  • Systemic

Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread

Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization

Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission

Brekne's Causal:
  • Accidental
  • Malicious

Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense62 - analysis of physical characteristics]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense29 - auditing]
    [Defense47 - authorization limitation]
    [Defense8 - automated protection checkers and setters]
    [Defense35 - awareness of implications]
    [Defense5 - background checks]
    [Defense33 - capture and punishment]
    [Defense120 - clear line of responsibility for protection]
    [Defense123 - compliance with laws and regulations]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense114 - control physical access]
    [Defense99 - deceptions]
    [Defense129 - democracy principle (GASSP)]
    [Defense72 - detailed audit]
    [Defense3 - detect waste examination]
    [Defense87 - disable unsafe features]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense50 - dynamic password change control]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense138 - filtering devices]
    [Defense92 - fire suppression equipment]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense67 - jamming]
    [Defense53 - known-attack scanning]
    [Defense84 - limited function]
    [Defense85 - limited sharing]
    [Defense86 - limited transitivity]
    [Defense59 - lockouts]
    [Defense82 - locks]
    [Defense111 - minimize traffic in work areas]
    [Defense31 - misuse detection]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense66 - noise injection]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense15 - physical security]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense12 - properly prioritized resource usage]
    [Defense70 - quad-tri-multi-angulation]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense23 - reintegration]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense4 - sensors]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense103 - standby equipment]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense73 - trunk access restriction]
    [Defense78 - trusted repair teams]
    [Defense17 - uninterruptable power supplies and motor generators]
    [Defense2 - waste data destruction]