[ISM3 Users] Tuesday Insight: Threat Taxonomy
Vicente Aceituno
vac at zenobia.es
Mon Nov 5 21:19:28 CET 2007
Dear All,
A new document, Threat Taxonomy, is available for download at:
http://www.ism3.com/index.php?option=com_docman&task=cat_view&gid=1&Itemid=9
This document presents a threat taxonomy depending on the agent, the
object and the effect of the attack (216 distinct threats)
Taxonomies that take into account the gain of the attacker, the
specific mechanism used for the attack, and the possible weaknesses
exploited can take the threat count easily into the thousands.
Unfortunately, due to complexity threat classifications with that
level of detail are not very useful for risk assessment.
An interesting question is: What are the security measures that can
mitigate each of these 216 threats?
My best
Vicente
More information about the Users
mailing list