Ami-sec risk Assessment & System Requirements



Yüklə 1,35 Mb.
səhifə12/30
tarix28.10.2017
ölçüsü1,35 Mb.
#17655
1   ...   8   9   10   11   12   13   14   15   ...   30

Initialization Threats


Initialization threats are those threats that occur during initialization of AMI components and during distribution of AMI components. The specific threats are listed below in Table 13.

Table 13. Initialization Threats






Threat Name

Severity

Likelihood

Description

T.Initialize.Configuration.1

High

Unusual

A AMI entity with access to the Initialization service asset provides faulty configuration information to the AMI component resource asset.

T.Initialize.Configuration.2

High

Unusual

A AMI entity with access to the Initialization service asset provides faulty trust anchors to the AMI component resource asset.

T.Initialize.Configuration.3

High

Unusual

A AMI entity with access to the Initialization service asset provides faulty hardware as a AMI component resource asset.

T.Initialize.Distribution.1

High

Likely

An entity intercepts distribution of AMI components, and replaces AMI hardware with malicious hardware.

T.Initialize.Distribution.2

High

Likely

An entity intercepts distribution of AMI components, and replaces AMI software with malicious software.



      1. Insider Threats


Insider threats are those threats that directly involve authorized users of the system operating maliciously or negligently. The specific threats are listed below in Table 14.

Table 14. Insider Threats






Threat Name

Severity

Likelihood

Description

T.Insider.Aggregation.1

Low

Unusual

An AMI entity with access browses files to collect information (aggregation attack).

T.Insider.Confusion.1

Medium

Likely

An AMI entity with access configures the system incorrectly because the system is too complex.

T.Insider.Confusion.2

Medium

Likely

An AMI entity with access performs some insecure actions because the system is too complex.

T.Insider.Confusion.3

Medium

Likely

A non-English speaking AMI entity performs insecure actions due to confusion about how to use the system securely.

T.Insider.Misinfo.1

High

Unusual

An AMI entity with access improperly enters, edits, or imports content resulting in misinformation.

T.Insider.Mislabel.1

Medium

Likely

An AMI entity with access creates, enters, edits, or imports content and labels it with incorrect security attributes resulting in unauthorized disclosure.

T.Insider.Mislabel.2

Medium

Likely

An entity enters, edits unauthorized values in the information attributes resulting in exfiltration of information assets.

T.Insider.Misuse.Info.1

Medium

Likely

An AMI entity with access to an information asset attempts to exfiltrate that information asset to a potential covert channel.

T.Insider.Misuse.Info.2

Medium

Likely

An AMI entity with access to an information asset prints that asset and discloses it to an inappropriate individual.

T.Insider.Misuse.Res.1

Low

Unlikely

An AMI entity with access to a resource asset attempts to access greater than its quota of that resource asset (e.g., bandwidth quota or data repository quota).

      1. Yüklə 1,35 Mb.

        Dostları ilə paylaş:
1   ...   8   9   10   11   12   13   14   15   ...   30




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin