[A.5] Masquerading of user identity

Types of assets:

·         [D] data / information

·         [keys] cryptographic keys

·         [S] services

·         [SW] software

·         [COM] communication networks

Dimensions:

1.   [C] confidentiality

2.   [Auth] authenticity

3.   [I] integrity

Description:

When attackers manage to appear as authorised users,  they enjoy the users’ privileges for their own purposes.

This threat may be perpetrated by internal personnel, by persons outside the organisation or by persons contracted temporarily.

See:

EBIOS: 40 - FORGING OF RIGHTS