

The All.Net Security Database


Standards Cross Reference


Areas where standards should be developed if applicable.

Standards are commonly used to identify specific requirements associated with specific circumstances. They provide the means by which economies of scale may be attained in the reuse of well-developed and previously understood results. Standards also commonly provide easy interoperability.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
Process:
  • Prevention
  • Detection
  • Reaction
Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
Other:
  • Risk Management
  • Database Description
Domain:
  • Physical
  • Informational
  • Systemic
Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
Brekne's Causal:
  • Accidental
  • Malicious
Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense29 - auditing]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense47 - authorization limitation]
    [Defense5 - background checks]
    [Defense57 - change management]
    [Defense137 - choice of location]
    [Defense49 - classifying information as to sensitivity]
    [Defense58 - configuration management]
    [Defense91 - conservative resource allocation]
    [Defense99 - deceptions]
    [Defense87 - disable unsafe features]
    [Defense118 - document and information control procedures]
    [Defense50 - dynamic password change control]
    [Defense18 - encryption]
    [Defense139 - environmental controls]
    [Defense71 - Faraday boxes]
    [Defense6 - feeding false information]
    [Defense38 - financial situation checking]
    [Defense93 - fire doors, fire walls, asbestos suits and similar fire-limiting items]
    [Defense92 - fire suppression equipment]
    [Defense39 - good hiring practices]
    [Defense44 - hard-to-guess passwords]
    [Defense34 - improved morality]
    [Defense102 - independent computer and tool use by auditors]
    [Defense109 - independent control of audit information]
    [Defense90 - infrastructure-wide digging hotlines]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense130 - internal control principle (GASSP)]
    [Defense124 - legal agreements]
    [Defense110 - low building profile]
    [Defense107 - minimizing copies of sensitive information]
    [Defense66 - noise injection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense36 - periodic reassessment]
    [Defense134 - periods processing and color changes]
    [Defense15 - physical security]
    [Defense77 - physical switches or shields on equipment and devices]
    [Defense112 - place equipment and supplies out of harm's way]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense104 - protection of data used in system testing]
    [Defense122 - protection of names of resources]
    [Defense101 - regular review of protection measures]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense83 - secure or trusted channels]
    [Defense48 - security marking and/or labeling]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense64 - tempest protection]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense9 - trusted applications]
    [Defense78 - trusted repair teams]
    [Defense97 - trusted system technologies]
    [Defense17 - uninterruptible power supplies and motor generators]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]