

The All.Net Security Database


Policy Cross Reference


Policy elements to be considered.

Policy is a governance issue. Properly defined policies identify organizational values and associate responsibility with assuring that those values are attained and retained. Policy normally provides the means for decision making and power, provides an authorized means of appealing decisions, and identifies other governance issues and bodies tasked with making day-to-day operational decisions.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
Process:
  • Prevention
  • Detection
  • Reaction
Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
Other:
  • Risk Management
  • Database Description

Domain:
  • Physical
  • Informational
  • Systemic
Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
Brekne's Causal:
  • Accidental
  • Malicious
Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense29 - auditing]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense47 - authorization limitation]
    [Defense5 - background checks]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense137 - choice of location]
    [Defense49 - classifying information as to sensitivity]
    [Defense120 - clear line of responsibility for protection]
    [Defense123 - compliance with laws and regulations]
    [Defense96 - content checking]
    [Defense132 - continuity principle (GASSP)]
    [Defense99 - deceptions]
    [Defense129 - democracy principle (GASSP)]
    [Defense87 - disable unsafe features]
    [Defense118 - document and information control procedures]
    [Defense18 - encryption]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense38 - financial situation checking]
    [Defense39 - good hiring practices]
    [Defense109 - independent control of audit information]
    [Defense119 - individual accountability for all assets and actions]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense127 - integration principle (GASSP)]
    [Defense130 - internal control principle (GASSP)]
    [Defense67 - jamming]
    [Defense37 - least privilege]
    [Defense124 - legal agreements]
    [Defense59 - lockouts]
    [Defense110 - low building profile]
    [Defense107 - minimizing copies of sensitive information]
    [Defense31 - misuse detection]
    [Defense66 - noise injection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense15 - physical security]
    [Defense25 - policies]
    [Defense12 - properly prioritized resource usage]
    [Defense104 - protection of data used in system testing]
    [Defense122 - protection of names of resources]
    [Defense11 - quotas]
    [Defense101 - regular review of protection measures]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense80 - secure distribution]
    [Defense48 - security marking and/or labeling]
    [Defense4 - sensors]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense73 - trunk access restriction]
    [Defense9 - trusted applications]
    [Defense78 - trusted repair teams]
    [Defense97 - trusted system technologies]
    [Defense17 - uninterruptable power supplies and motor generators]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]