Errors and threats are frequently two sides of the same coin: something that could happen to assets without bad intentions or deliberately. There are three possible combinations:
· Threats that may only be errors, but never deliberate attacks.
· Threats that are never errors; they are always deliberate attacks.
· Threats that may occur either by error or deliberately.
To address this situation, the errors and threats have been numbered so that they can be correlated. The following table matches errors with attacks, showing this correlation. The “Attack” column is left blank when the threat is simply an error. The “Error” column is left blank when the threat is always deliberate.
| number | error | attack |
|---|---|---|
| 1 | User errors | |
| 2 | System / Security administrator errors | |
| 3 | Monitoring (logging) errors | Manipulation of activity records |
| 4 | Configuration errors | Manipulation of the configuration files |
| 5 | | Masquerading of user identity |
| 6 | | Abuse of access privileges |
| 7 | | Misuse |
| 8 | Malware diffusion | Malware diffusion |
| 9 | [Re-]routing errors | [Re-]routing of messages |
| 10 | Sequence errors | Sequence alteration |
| 11 | | Unauthorised access |
| 12 | | Traffic analysis |
| 13 | | Repudiation |
| 14 | | Eavesdropping |
| 15 | Accidental alteration of information | Deliberate alteration of information |
| 18 | Destruction of information | Destruction of information |
| 19 | Information leaks | Disclosure of information |
| 20 | Software vulnerabilities | |
| 21 | Defects in software maintenance / updating | |
| 22 | | Software manipulation |
| 23 | Defects in hardware maintenance / updating | Equipment manipulation |
| 24 | System failure due to exhaustion of resources | Denial of service |
| 25 | Equipment loss | Theft |
| 26 | | Destructive attack |
| 27 | | Enemy over-run |
| 28 | Staff shortage | Staff shortage |
| 29 | | Extortion |
| 30 | | Social engineering |