Focused On Your Success


The All.Net Security Database


Procedures Cross Reference
Procedures Cross Reference


Areas where procedures are normally in place as part of the process.

Procedures are the instantiation of standards in specific, realizable, terms.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense30 - audit analysis]
    [Defense29 - auditing]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense47 - authorization limitation]
    [Defense8 - automated protection checkers and setters]
    [Defense35 - awareness of implications]
    [Defense5 - background checks]
    [Defense46 - biometrics]
    [Defense33 - capture and punishment]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense137 - choice of location]
    [Defense49 - classifying information as to sensitivity]
    [Defense120 - clear line of responsibility for protection]
    [Defense94 - concealed services]
    [Defense58 - configuration management]
    [Defense91 - conservative resource allocation]
    [Defense96 - content checking]
    [Defense132 - continuity principle (GASSP)]
    [Defense114 - control physical access]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense3 - detect waste examination]
    [Defense87 - disable unsafe features]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense60 - drop boxes and processors]
    [Defense50 - dynamic password change control]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense139 - environmental controls]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense38 - financial situation checking]
    [Defense56 - fine-grained access control]
    [Defense92 - fire suppression equipment]
    [Defense39 - good hiring practices]
    [Defense44 - hard-to-guess passwords]
    [Defense14 - human intervention after detection]
    [Defense102 - independent computer and tool use by auditors]
    [Defense109 - independent control of audit information]
    [Defense119 - individual accountability for all assets and actions]
    [Defense74 - information flow controls]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense79 - inventory control]
    [Defense67 - jamming]
    [Defense53 - known-attack scanning]
    [Defense124 - legal agreements]
    [Defense59 - lockouts]
    [Defense82 - locks]
    [Defense111 - minimize traffic in work areas]
    [Defense107 - minimizing copies of sensitive information]
    [Defense31 - misuse detection]
    [Defense42 - multi-person controls]
    [Defense43 - multi-version programming]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense66 - noise injection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense22 - out-of-range detection]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense134 - periods processing and color changes]
    [Defense15 - physical security]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense12 - properly prioritized resource usage]
    [Defense104 - protection of data used in system testing]
    [Defense12 - properly prioritized resource usage]
    [Defense2 - waste data destruction]
    [Defense70 - quad-tri-multi-angulation]
    [Defense11 - quotas]
    [Defense101 - regular review of protection measures]
    [Defense23 - reintegration]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense83 - secure or trusted channels]
    [Defense48 - security marking and/or labeling]
    [Defense4 - sensors]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense103 - standby equipment]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense73 - trunk access restriction]
    [Defense78 - trusted repair teams]
    [Defense97 - trusted system technologies]
    [Defense17 - uninterruptable power supplies and motor generators]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]