The All.Net Security Database


Systemic Cross Reference


Systemic issues deal with the way overall systems work and typically involve combinations of physical and informational elements.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods

Process:
  • Prevention
  • Detection
  • Reaction

Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control

Other:
  • Risk Management
  • Database Description

Domain:
  • Physical
  • Informational
  • Systemic

Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread

Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization

Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission

Brekne's Causal:
  • Accidental
  • Malicious

Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    [Attack68 - audit suppression]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack84 - below-threshold attacks]
    [Attack29 - cascade failures]
    [Attack88 - collaborative misuse]
    [Attack91 - combinations and sequences]
    [Attack79 - covert channels]
    [Attack77 - cryptanalysis]
    [Attack82 - dependency analysis and exploitation]
    [Attack44 - desynchronization and time-based attacks]
    [Attack73 - distributed coordinated attacks]
    [Attack43 - emergency procedure exploitation]
    [Attack80 - error insertion and analysis]
    [Attack67 - error-induced mis-operation]
    [Attack71 - false updates]
    [Attack31 - get a job]
    [Attack41 - implied trust exploitation]
    [Attack69 - induced stress failures]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack83 - interprocess communication attacks]
    [Attack92 - kiting]
    [Attack74 - man-in-the-middle]
    [Attack39 - modeling mismatches]
    [Attack27 - modification in transit]
    [Attack46 - multiple error inducement]
    [Attack72 - network service and protocol attacks]
    [Attack26 - observation in transit]
    [Attack85 - peer relationship exploitation]
    [Attack87 - piggybacking]
    [Attack57 - process bypassing]
    [Attack89 - race conditions]
    [Attack81 - reflexive control]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack93 - salami attacks]
    [Attack75 - selected plaintext]
    [Attack22 - spoofing and masquerading]
    [Attack28 - sympathetic vibration]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense29 - auditing]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense47 - authorization limitation]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense137 - choice of location]
    [Defense49 - classifying information as to sensitivity]
    [Defense58 - configuration management]
    [Defense132 - continuity principle (GASSP)]
    [Defense129 - democracy principle (GASSP)]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense118 - document and information control procedures]
    [Defense7 - effective mandatory access control]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense21 - fault isolation]
    [Defense38 - financial situation checking]
    [Defense39 - good hiring practices]
    [Defense14 - human intervention after detection]
    [Defense102 - independent computer and tool use by auditors]
    [Defense109 - independent control of audit information]
    [Defense74 - information flow controls]
    [Defense136 - insurance]
    [Defense127 - integration principle (GASSP)]
    [Defense130 - internal control principle (GASSP)]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense85 - limited sharing]
    [Defense86 - limited transitivity]
    [Defense59 - lockouts]
    [Defense31 - misuse detection]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense69 - path diversity]
    [Defense36 - periodic reassessment]
    [Defense134 - periods processing and color changes]
    [Defense25 - policies]
    [Defense12 - properly prioritized resource usage]
    [Defense104 - protection of data used in system testing]
    [Defense122 - protection of names of resources]
    [Defense70 - quad-tri-multi-angulation]
    [Defense11 - quotas]
    [Defense101 - regular review of protection measures]
    [Defense23 - reintegration]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense83 - secure or trusted channels]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]