| General Threats | General Policy Statements | General Assumptions |
| Detailed Attacks | Detailed Policy Statements |
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | System |
| Attitude | Deliberate | Action | Destroy or falsify | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Inadequate protection of audit data | Security Functions | FAU |
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_IFC, DA.Adm_Hstl_Mod_SEP, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Audit, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr, DA.User_Modify_Audit
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | System, User Data |
| Attitude | Deliberate | Action | Modify access control attributes | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Security Functions | FDP | |
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_SEP, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Hack_Masq_Uwkstn, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability, Integrity |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Modification of user data or applications | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Info, DA.Admin_Err_Resource, DA.Admin_Err_User_Attr, DA.Hack_Masq_Uwkstn, DA.Hack_Prcsr_Overload, DA.User_Comm_Overload, DA.User_Err_AttrXpt, DA.User_Err_Data_Export, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_MsngAttrXpt, DA.User_Err_Set_Attr, DA.User_Modify_Data, DA.User_Obst_Res_Use, DA.User_Send_Integrity, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Any |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modification of Information Flow Control | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | Results: Loss of integrity allowing unauthorized user to view the data and loss of availability where the user does not have availability to the data as it is sent to the wrong location. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Audit_Dstr, DA.Adm_Hstl_Mod_Data_AC, DA.Adm_Hstl_Mod_DataAps, DA.Adm_Hstl_Mod_SEP, DA.Adm_Hstl_Mod_TSFCode, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Audit, DA.Admin_Err_Info, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Resource, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Admin_UserPriv_Agg, DA.Admin_UserPriv_Gen, DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_Prcsr_Overload, DA.Hack_Stg_Overload, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Deduce, DA.User_Collect_Eaves, DA.User_Collect_Residue, DA.User_Comm_Overload, DA.User_Err_AttrXpt, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_Data_Export, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Err_Set_Attr, DA.User_Modify_Audit, DA.User_Modify_Data, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload, DA.User_Send_Conf, DA.User_Send_Integrity, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modification of system entry parameters | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | Results: loss of security protection, potential loss of availability, confidentiality, and integrity due to actions that can be taken after unauthorized access is gained | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_Data_AC, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Audit, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Hack_Masq_Uwkstn, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | System |
| Attitude | Deliberate | Action | Modify TSF or system code | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | FPT | |
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_IFC, DA.Adm_Hstl_Mod_SEP, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr, DA.User_Modify_Audit
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modification of user/subject binding | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | High | ||||
| Localities | Any | Editorial | Result: Loss of object integrity and accountability | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Audit_Dstr, DA.Adm_Hstl_Mod_Data_AC, DA.Adm_Hstl_Mod_IFC, DA.Adm_Hstl_Mod_SEP, DA.Adm_Hstl_Mod_TSFCode, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_Err_Audit, DA.Admin_Err_Authentic, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Comm_Overload, DA.Hack_Crypto_ChsnCy, DA.Hack_Crypto_ChsnPln, DA.Hack_Crypto_ChsnTxt, DA.Hack_Crypto_PlnTxt, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_MsgData_SndTSF, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr, DA.User_Modify_Audit
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Any |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modification of user attributes and/or roles | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | Threat Results: Loss of availability if modification of the user's attributes causes inability for the user to perform authorized actions. Loss of integrity or confidentiality if a user is given unauthorized access to assets due to attributes or roles inappropriately given them. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_Data_AC, DA.Adm_Hstl_Mod_DataAps, DA.Adm_Hstl_Mod_SEP, DA.Admin_Err_Audit, DA.Admin_Err_Info, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Resource, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.Admin_UserPriv_Gen, DA.Hack_Masq_Uwkstn, DA.Hack_Prcsr_Overload, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Eaves, DA.User_Comm_Overload, DA.User_Err_AttrXpt, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_Data_Export, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Err_Set_Attr, DA.User_Modify_Data, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload, DA.User_Send_Conf, DA.User_Send_Integrity, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | Security Protection | |
| Authentication | Privileged | Human_Role | IT Capabilities | System | |
| Attitude | Accidental | Action | Locations | TOE | |
| Motive | Negligent | Vulnerabilities | Security Functions | FDP | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | Effect: Loss of security protection | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.User_Err_AttrXpt, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | FAU | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | Effect: Loss of accountability, loss of integrity | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | |||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Audit, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Resource, DA.Admin_Err_User_Attr, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Inaction | Locations | TOE |
| Motive | Constructive | Vulnerabilities | administrator frailty | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Audit, DA.Admin_Err_Sys_Entry, DA.Admin_Err_User_Attr, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Info, DA.Admin_Err_User_Attr, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Audit, DA.Admin_Err_Omit_Trap, DA.Admin_Err_User_Attr, DA.User_Err_Object_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability, Security Protection |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Admin_Err_Audit, DA.Admin_Err_Info, DA.Admin_Err_Omit_Trap, DA.Admin_Err_Resource, DA.Admin_Err_Sys_Entry, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Object_Attr, DA.User_Err_Set_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Aggregate user data | Locations | Any |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_IFC, DA.Adm_Hstl_Mod_UsrAttr, DA.Admin_UserPriv_Gen, DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Deduce, DA.User_Collect_Eaves, DA.User_Collect_Residue, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Observe system data | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Adm_Hstl_Mod_UsrAttr, DA.Hack_Masq_Uwkstn, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Eaves, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | ||
| Authentication | Identified | Human_Role | IT Capabilities | ||
| Attitude | Deliberate | Action | install trap door | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | |||||
| Localities | Any | Editorial | Threat Source: Developer, pre-deployment or operational phase Threat results: loss of TOE security protection Exploited vulnerabilities: developer frailty, inadequate product evaluation |
||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Uwkstn
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Maliciously circumvents access control through a code vulnerability | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | Results: Varies depending on the hackers actions after the break-in. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Any |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Penetrate weak access control | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | Results: Vary depending on hacker actions after break-in. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_Prcsr_Overload, DA.Hack_Stg_Overload, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Deduce, DA.User_Collect_Eaves, DA.User_Collect_Residue, DA.User_Comm_Overload, DA.User_Err_AttrXpt, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_Data_Export, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Err_Set_Attr, DA.User_Modify_Audit, DA.User_Modify_Data, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload, DA.User_Send_Conf, DA.User_Send_Integrity, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability, Security Protection |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Excessively use communication resources | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Security Protection |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Cryptoanalysis | Locations | |
| Motive | Hostile | Vulnerabilities | inadequate strength of function, inadequate separation of plaintext and ciphertext | Security Functions | |
| Sophistication | High | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Crypto_ChsnPln, DA.Hack_Crypto_PlnTxt, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_MsgData_SndTSF, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Security Protection |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Cryptoanalysis | Locations | |
| Motive | Hostile | Vulnerabilities | Inadequate strength of function, inadequate separation of plaintext and ciphertext | Security Functions | |
| Sophistication | High | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Crypto_ChsnCy, DA.Hack_Crypto_PlnTxt, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_MsgData_SndTSF, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Security Protection |
| Authentication | None | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Cryptoanalysis | Locations | |
| Motive | Hostile | Vulnerabilities | Inadequate strength of function, inadequate separation of plaintext and ciphertext | Security Functions | |
| Sophistication | High | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Crypto_ChsnCy, DA.Hack_Crypto_ChsnPln, DA.Hack_Crypto_PlnTxt, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_MsgData_SndTSF, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | Confidentiality | |
| Authentication | None | Human_Role | IT Capabilities | ||
| Attitude | Deliberate | Action | Cryptoanalysis | Locations | |
| Motive | Hostile | Vulnerabilities | Inadequate strength of function | Security Functions | |
| Sophistication | High | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Crypto_ChsnCy, DA.Hack_Crypto_ChsnPln, DA.Hack_Crypto_ChsnTxt, DA.Hack_Crypto_PlnTxt, DA.Hack_Masq_Hijack, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Security Protection |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Cryptoanalysis | Locations | |
| Motive | Hostile | Vulnerabilities | Inadequate strength of function, inadequate separation of plaintext and ciphertext | Security Functions | |
| Sophistication | High | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Crypto_ChsnCy, DA.Hack_Crypto_ChsnPln, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.Hack_MsgData_SndTSF, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | Any | |
| Authentication | None | Human_Role | IT Capabilities | ||
| Attitude | Deliberate | Action | Penetrate a communications link | Locations | Any |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | High | ||||
| Localities | Remote | Editorial | Threat source: a hacker with the opportunity to steal an active, remote session of an authorized user. Method: hacker physically interposes himself by cutting a communication link or by manipulating communications at an intermediate network node. Results: loss of confidentiality and integrity, erroneous accountability, denial of service to the session originator. |
||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_MsgData_RcvTSF, DA.Hack_MsgData_RcvUsr, DA.Hack_MsgData_SndTSF, DA.Hack_MsgData_SndUsr, DA.Hack_Phys_Cnf_Eman
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Any |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Usurp an active session on a workstation | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Local | Editorial | Threat source: user with access to unattended, active workstation Results: loss of accountability, confidentiality, integrity |
||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Any |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | exploiting weak authentication mechanisms | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | Results: Loss of integrity if the masquerader changes objects that they are not authorized to, Loss of availability if the masquerader deletes an object they should not have, Loss of confidentiality if the masquerader sees information they should not have. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | Integrity, Security Protection | |
| Authentication | None | Human_Role | IT Capabilities | System | |
| Attitude | Deliberate | Action | Message modification | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Inadequate TSF data protection by the remote site and/or inadequate data validation by the TOE | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Hijack, DA.Hack_MsgData_RcvUsr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Message modification | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Inadequate user data protection by the remote site and/or inadequate data validation by the TOE | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity, Security Protection |
| Authentication | None | Human_Role | No Duties | IT Capabilities | System |
| Attitude | Deliberate | Action | Message modification | Locations | Environment |
| Motive | Hostile | Vulnerabilities | Inadequate TSF data protection by the TOE and/or inadequate data validation by the remote site | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | None | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Message modification | Locations | Environment |
| Motive | Hostile | Vulnerabilities | Inadequate user data protection by the TOE and/or inadequate data validation by the remote site | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Operation | Loss_Types | Availability | |
| Authentication | None | Human_Role | IT Capabilities | Arbitrary Capability | |
| Attitude | Accidental | Action | Electronic emissions | Locations | Environment |
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | Zero | ||||
| Localities | Local | Editorial | |||
| Forces | Emanations | ||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Emanations analysis | Locations | TOE |
| Motive | Hostile | Vulnerabilities | Inadequate TSF protection | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Deliberate processor overload | Locations | |
| Motive | Hostile | Vulnerabilities | System / Resource Utilization | Security Functions | |
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Uwkstn, DA.User_Comm_Overload, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | Method: Repeatedly dumps data unwontedly into TOE data storage through processes that use storage space. | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Data hiding | Locations | |
| Motive | Negligent | Vulnerabilities | Human frailty, inadequate data protection | Security Functions | |
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Conf_Class, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Observe | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Uwkstn, DA.User_Abuse_Conf_Steg, DA.User_Collect_Deceive, DA.User_Collect_Eaves, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Security Protection |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Deception | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Uwkstn, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Eaves, DA.User_Err_AttrXpt, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Read repeatedly | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Eaves, DA.User_Collect_Residue, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Observe | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_Masq_Uwkstn, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Observe residual data | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Abuse_Conf_Steg, DA.User_Collect_Browse, DA.User_Collect_Deceive, DA.User_Collect_Deduce, DA.User_Collect_Eaves, DA.User_Err_Conf_Class, DA.User_Err_Conf_Exp, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Create excessive communication traffic | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity, Security Protection |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Misrepresentation of security attributes | Locations | |
| Motive | Negligent | Vulnerabilities | Human ignorance or inattention, inadequate data labeling | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Data_Export, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Send_Integrity
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Falsification of security attributes | Locations | |
| Motive | Negligent | Vulnerabilities | Human frailty, inadequate data protection | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Deliberate export | Locations | |
| Motive | Negligent | Vulnerabilities | Human frailty, inadequate data protection | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Conf_Class, DA.User_Err_MsngAttrXpt, DA.User_Send_Conf
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Accidental | Action | Releasing false information | Locations | Any |
| Motive | Constructive | Vulnerabilities | Human ignorance or inattention, inadequate data labeling | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_MsngAttrXpt
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Accidental | Action | Error | Locations | TOE |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | TOE |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Delete, DA.User_Err_Set_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Integrity |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Withholding of security-attribute information | Locations | |
| Motive | Constructive | Vulnerabilities | Human frailty, inadequate data protection | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Data_Export
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Security Protection |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Setting object security attributes | Locations | |
| Motive | Constructive | Vulnerabilities | Human ignorance or inattention, inadequate data labeling mechanism | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | Vulnerabilities: Human ignorance or inattention, inadequate data labeling mechanism, inadequate security documentation | ||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Delete, DA.User_Err_Mod_Attr
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity, Security Protection |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modify TSF data | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Hack_AC_Code_Vul, DA.Hack_AC_Weak, DA.Hack_Comm_Overload, DA.Hack_Masq_Uwkstn, DA.Hack_Masq_Wauth, DA.User_Collect_Deceive, DA.User_Err_AttrXpt, DA.User_Err_Data_Export, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Modify_Data, DA.User_Send_Integrity
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Loss_Types | Integrity, Security Protection | |
| Authentication | Authenticated | Human_Role | IT Capabilities | ||
| Attitude | Deliberate | Action | Modify TSF data | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | |||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.Dev_FC_Trap_Door, DA.Hack_Masq_Uwkstn, DA.User_Err_AttrXpt, DA.User_Err_Data_Export, DA.User_Err_MsngAttrXpt, DA.User_Err_Object_Attr, DA.User_Modify_Data, DA.User_Send_Integrity
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Modify | Locations | Any |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_AttrXpt, DA.User_Err_Data_Export, DA.User_Err_MsngAttrXpt, DA.User_Send_Integrity
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Modify | Locations | TOE |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Comm_Overload, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr, DA.User_Prcsr_Overload, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | System |
| Attitude | Accidental | Action | Obstruction / Overload | Locations | TOE |
| Motive | Negligent | Vulnerabilities | System / Resource Utilization | Security Functions | |
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Comm_Overload, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr, DA.User_Obst_Res_Use, DA.User_Stg_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Accidental | Action | Send | Locations | TOE |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_Conf_Class, DA.User_Err_MsngAttrXpt
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Send | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Err_AttrXpt, DA.User_Err_Data_Export, DA.User_Err_MsngAttrXpt
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Prevent Use of Storage by exploiting storage capacity limits | Locations | |
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other Detailed Attacks Suggested by Attributes
DA.User_Comm_Overload, DA.User_Err_Delete, DA.User_Err_Mod_Attr, DA.User_Err_Set_Attr, DA.User_Obst_Res_Use, DA.User_Prcsr_Overload
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Audit_Gen_User, DP.Audit_Generation, DP.Authority_Notify, DP.Change_Control_Users, DP.Config_Mgt_Plan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Admin_Security_Data, DP.Audit_Generation, DP.Authority_Notify, DP.Change_Control_Users, DP.Config_Mgt_Plan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Admin_Security_Data, DP.Audit_Gen_User, DP.Authority_Notify, DP.Change_Control_Users, DP.Config_Mgt_Plan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Admin_Security_Data, DP.Audit_Gen_User, DP.Audit_Generation, DP.Change_Control_Users, DP.Config_Mgt_Plan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Admin_Security_Data, DP.Audit_Gen_User, DP.Audit_Generation, DP.Authority_Notify, DP.Config_Mgt_Plan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other Detailed Policy Statements Suggested by Attributes
DP.Admin_Security_Data, DP.Audit_Gen_User, DP.Audit_Generation, DP.Authority_Notify, DP.Change_Control_Users
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Any | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Access_to_Passwords, A.Trusted_User, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Trusted_User, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Admin_Docs, A.Admin_Errors, A.Admin_Virus_Check, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Password_Management, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Admin_Cor_Usr_Data, A.Admin_Docs, A.Admin_Virus_Check, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Password_Management, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Eavesdrop_by_Out, A.Password_Management, A.Peer, A.Remote_Access, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Auth_Sys_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Trusted_User, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Coop_User, A.Trusted_User, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Peer, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Admin_Cor_Usr_Data, A.Admin_Docs, A.Admin_Errors, A.Admin_Virus_Check, A.Auth_Sys_Admin, A.Competent_Admin, A.Coop_User, A.Dispose_User_Data, A.Eavesdrop_by_Out, A.Hostile_User, A.Negligent_Admin, A.No_Abuse_By_Admin, A.Outsider_Low, A.Outsider_Med, A.Password_Management, A.Peer, A.Phys_Acs_to_Out, A.Poor_Trained_Admin, A.Protect_From_Out, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Coop_User, A.Dispose_User_Data, A.Eavesdrop_by_Out, A.Outsider_Low, A.Outsider_Med, A.Password_Management, A.Peer, A.Phys_Acs_to_Out, A.Protect_From_Out, A.Remote_Access, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Admin_Cor_Usr_Data, A.Admin_Docs, A.Admin_Errors, A.Admin_Virus_Check, A.Auth_Sys_Admin, A.Competent_Admin, A.Coop_User, A.Dispose_User_Data, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Password_Management, A.Peer, A.Poor_Trained_Admin, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | No non-null attributes received from SPARTA, so record is currently blank. | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Admin_Cor_Usr_Data, A.Admin_Docs, A.Admin_Errors, A.Admin_Virus_Check, A.Auth_Sys_Admin, A.Competent_Admin, A.Coop_User, A.Dispose_User_Data, A.Eavesdrop_by_Out, A.Hostile_Sys_Admin, A.Hostile_User, A.Negligent_Admin, A.No_Abuse_By_Admin, A.Outsider_Hi, A.Outsider_Low, A.Outsider_Med, A.Password_Management, A.Peer, A.Phys_Acs_to_Out, A.Poor_Trained_Admin, A.Prot_Against_Nature, A.Prot_Agnst_Pwr_Fail, A.Prot_of_Comm, A.Protect_From_Out, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | High | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Eavesdrop_by_Out, A.Outsider_Low, A.Outsider_Med, A.Peer, A.Phys_Acs_to_Out, A.Protect_From_Out, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Eavesdrop_by_Out, A.Peer, A.Phys_Acs_to_Out, A.Protect_From_Out, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Eavesdrop_by_Out, A.Outsider_Low, A.Peer, A.Phys_Acs_to_Out, A.Protect_From_Out, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Eavesdrop_by_Out, A.Peer, A.Remote_Access, A.Trusted_User, A.User_Access, A.User_Mistakes, A.User_Virus_Scan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Eavesdrop_by_Out, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Protect_From_Out
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Disaster | ||||
Other General Assumptions Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Communications | ||||
Other General Assumptions Suggested by Attributes
A.Prot_of_Comm
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Communications | ||||
Other General Assumptions Suggested by Attributes
A.Prot_Agnst_Pwr_Fail
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_to_Comms, A.Phys_Acs_to_Out
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Eavesdrop_by_Out, A.Peer
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Eavesdrop_by_Out, A.Peer, A.Remote_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Trusted_User, A.User_Access, A.Well_Behaved_Admin
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Trusted_User
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Eavesdrop_by_Out, A.Password_Management, A.Peer, A.Remote_Access, A.Trusted_User, A.User_Access, A.User_Virus_Scan
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Acc_Ovrwrit_SysData, A.Acc_to_Comms, A.Access_to_Passwords, A.Eavesdrop_by_Out, A.Password_Management, A.Peer, A.Remote_Access, A.Trusted_User, A.User_Access, A.User_Mistakes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Well Behaved | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Assumptions Suggested by Attributes
A.Access_to_Passwords, A.Admin_Docs, A.Auth_Sys_Admin, A.Competent_Admin, A.Eavesdrop_by_Out, A.No_Abuse_By_Admin, A.Peer, A.Remote_Access, A.Remote_Admin, A.Review_Audit_Log, A.Trusted_User, A.User_Access
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Authorities
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | No Duties | IT Capabilities | |
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | Confidentiality | ||
| Authentication | Human_Role | IT Capabilities | User Data | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Information_AC, P.Lifecycle, P.Marking, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | Availability | ||
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Lifecycle, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Development | Loss_Types | Security Protection |
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | AGD | |
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | Confidentiality | ||
| Authentication | Human_Role | IT Capabilities | User Data | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Authorized_Use, P.Lifecycle, P.Marking, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | Integrity | ||
| Authentication | Human_Role | IT Capabilities | User Data | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Lifecycle, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | |||
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | The policy is sufficiently broad, that virtually all attributes are relevant. | |||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Authorized_Use, P.Availability, P.Guidance, P.Information_AC, P.Integrity, P.Marking, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Lifecycle_Phases | Loss_Types | Confidentiality | ||
| Authentication | Human_Role | IT Capabilities | User Data | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities, P.Authorized_Use, P.Information_AC, P.Lifecycle, P.Physical_Control
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Human_Role | IT Capabilities | |||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | The policy is sufficiently broad that most attributes are relevant. | |||
| Forces | |||||
Other General Policy Statements Suggested by Attributes
P.Accountability, P.Authorities
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Admin_Err_Omit, T.User_Err_Conf, T.User_Err_Inaccess, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Misuse_Avl_Resc, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Admin_Err_Commit, T.User_Err_Conf, T.User_Err_Inaccess, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Misuse_Avl_Resc, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Modify or destroy TSF code or data | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | Threat Source: The threat source would be a deliberate human being that either is not following policy in efforts to complete action they feel are in the organization's best interest or is malicious in intent. Attack Method: The attack method is to modify or destroy security attributes or security mechanisms that would allow effects that are contrary to the organization's security policy. Results: The results vary depending on the effect of the destruction or modification. Confidentiality, Integrity, and Availability can be effected |
|||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Admin_Err_Commit, T.Admin_Err_Omit, T.Admin_UserPriv, T.Hack_Comm_Eavesdrop, T.Hack_Social_Engineer, T.Malicious_Code, T.Repudiate_Receive, T.Repudiate_Send, T.Repudiate_Transact, T.User_Abuse_Conf, T.User_Collect, T.User_Err_Conf, T.User_Err_Inaccess, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Misuse_Avl_Resc, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | User Data |
| Attitude | Accidental | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | SPARTA didn't provide a result type here, but it seems clear that privacy is a kind of confidentiality. | |||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Admin_Err_Commit, T.Admin_Err_Omit, T.User_Err_Conf, T.User_Err_Slf_Protect, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Unusual Conditions | ||||
Other General Threats Suggested by Attributes
T.Failure_DS_Comp
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Development | Loss_Types | |
| Authentication | Privileged | Human_Role | System Duties | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Unusual Conditions | ||||
Other General Threats Suggested by Attributes
T.Component_Failure
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Avl_Resource, T.Hack_Comm_Eavesdrop, T.Hack_Crypto, T.Hack_Msg_Data, T.Hack_Phys, T.Hack_Social_Engineer, T.Malicious_Code, T.Repudiate_Receive, T.Repudiate_Send, T.Repudiate_Transact, T.Spoofing, T.User_Abuse_Conf, T.User_Collect, T.User_Err_Conf, T.User_Err_Inaccess, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Misuse_Avl_Resc, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | None | Human_Role | No Duties | IT Capabilities | System |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Phys, T.Hack_Social_Engineer, T.Malicious_Code, T.Spoofing
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | None | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | None | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Comm_Eavesdrop, T.Spoofing
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability, Confidentiality, Integrity |
| Authentication | None | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Inadequate authentication mechanisms and inadequate protection of communications media. | Security Functions | |
| Sophistication | High | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Comm_Eavesdrop, T.Hack_Crypto, T.Hack_Msg_Data, T.Spoofing
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | None | Human_Role | No Duties | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Spoofing
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Local | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Malicious_Code
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Social_Engineer
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Other | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Human_Role | IT Capabilities | System | ||
| Attitude | Action | Locations | |||
| Motive | Vulnerabilities | Security Functions | |||
| Sophistication | |||||
| Localities | Editorial | ||||
| Forces | Power | ||||
Other General Threats Suggested by Attributes
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Repudiate_Send, T.Repudiate_Transact, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Repudiate_Receive, T.Repudiate_Transact, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Negligent | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Repudiate_Receive, T.Repudiate_Send, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | None | Human_Role | No Duties | IT Capabilities | |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Moderate | ||||
| Localities | Remote | Editorial | |||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Comm_Eavesdrop, T.Hack_Crypto, T.Hack_Msg_Data
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Locations | ||
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Comm_Eavesdrop, T.Hack_Social_Engineer, T.Malicious_Code, T.User_Collect, T.User_Err_Conf, T.User_Err_Slf_Protect, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Deliberate | Action | Observe | Locations | |
| Motive | Hostile | Vulnerabilities | Security Functions | ||
| Sophistication | Low | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.Hack_Comm_Eavesdrop, T.Hack_Social_Engineer, T.Malicious_Code, T.User_Abuse_Conf, T.User_Err_Conf, T.User_Err_Slf_Protect, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Slf_Protect, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Accidental | Action | Error | Locations | |
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Slf_Protect
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Slf_Protect, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Conf, T.User_Err_Inaccess, T.User_Err_Integrity, T.User_Misuse_Avl_Resc, T.User_Modify, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Availability |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | System |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Slf_Protect
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Send
| Agent Attributes | Method Attributes | Result Attributes | |||
| Agent_Types | Human | Lifecycle_Phases | Operation | Loss_Types | Confidentiality, Integrity |
| Authentication | Authenticated | Human_Role | Service User | IT Capabilities | User Data |
| Attitude | Accidental | Action | Locations | ||
| Motive | Constructive | Vulnerabilities | Security Functions | ||
| Sophistication | Zero | ||||
| Localities | Editorial | ||||
| Forces | |||||
Other General Threats Suggested by Attributes
T.User_Err_Conf, T.User_Err_Integrity, T.User_Err_Slf_Protect, T.User_Modify
