Ami-sec risk Assessment & System Requirements


Threat Descriptions Administrative Threats



Yüklə 1,35 Mb.
səhifə8/30
tarix28.10.2017
ölçüsü1,35 Mb.
#17655
1   ...   4   5   6   7   8   9   10   11   ...   30

Threat Descriptions

  1. Administrative Threats


Administrative threats are those threats that are caused by malicious or negligent administrators. These threats are listed below in Table 5.

Table 5. Administrative Threats






Threat Name

Severity

Likelihood

Description

T.Admin.Cred.1







An entity gives access to information assets to inappropriate users

T.Admin.Cred.2







An AMI entity with proper access gives access to resource assets to inappropriate users

T.Admin.Cred.3







An AMI entity with proper access gives access to service assets to inappropriate users

T.Admin.Enroll.1







An AMI entity with proper access enrolls a user with inappropriate levels of access control. .









































































T.Admin.Lockout.1







An entity uses the Lockout service asset in an unauthorized manner to lock out a user.

T.Admin.Lockout.2







An entity uses the Lockout service asset in an unauthorized manner to unlock a locked out a user.





































T.Admin.Policy.4







An entity gains unintentional access to objects in another system due to information sharing between the two information systems.

T.Admin.Policy.5







An AMI entity with access creates a large policy causing an exhaustion of storage space.













T.Admin.Policy.7







An AMI entity without proper access exploits policy flaws to gain improper (unintended) access to assets.













T.Admin.Policy.9







An AMI entity with access enters/modifies AMI policy incorrectly, due to a lack of understanding of the policy system.

T.Admin.Policy.10







An AMI entity with access enters/modifies AMI policy incorrectly, due to a lack of understanding of the current policy.

T.Admin.Policy.11







An AMI entity with access enters/modifies AMI policy maliciously to cause information disclosure or loss.

T.Admin.Policy.12







An AMI entity with access enters inconsistent AMI policy.

T.Admin.Policy.13







An AMI entity with access imports a malicious AMI organizational policy.

T.Admin.Policy.14







A policy authority provides a malicious AMI organizational policy.

























T.Admin.Policy.17







Required organizational policies are inconsistent resulting in denial of service.




























      1. Yüklə 1,35 Mb.

        Dostları ilə paylaş:
1   ...   4   5   6   7   8   9   10   11   ...   30




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin