Focused On Your Success


The All.Net Security Database


Personnel Cross Reference
Personnel Cross Reference


Issues where the personnel department should be involved in the process.

Personnel carry out the protection activities. Given proper guidance, knowledge, and controls, people doing their jobs properly will result in effective protection.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense35 - awareness of implications]
    [Defense33 - capture and punishment]
    [Defense120 - clear line of responsibility for protection]
    [Defense123 - compliance with laws and regulations]
    [Defense114 - control physical access]
    [Defense129 - democracy principle (GASSP)]
    [Defense13 - detection before failure]
    [Defense118 - document and information control procedures]
    [Defense76 - effective protection mind-set]
    [Defense38 - financial situation checking]
    [Defense56 - fine-grained access control]
    [Defense39 - good hiring practices]
    [Defense34 - improved morality]
    [Defense119 - individual accountability for all assets and actions]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense124 - legal agreements]
    [Defense59 - lockouts]
    [Defense107 - minimizing copies of sensitive information]
    [Defense42 - multi-person controls]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense15 - physical security]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense27 - standards]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense73 - trunk access restriction]
    [Defense78 - trusted repair teams]
    [Defense113 - universal use of badges]