Ver:
· Ataque
Medio típico
(acción o acontecimiento) con el que un elemento peligroso realiza sus ataques.
Ejemplos:
·
robo
de soportes informáticos o de documentos;
· alteración de programas;
· atentado contra la disponibilidad del personal;
· escucha pasiva;
· inundación;
· ...
[EBIOS:2005]
manner and means,
including the weapon and delivery method, an adversary may use to cause harm on
a target
Annotation: Attack
method and attack mode are synonymous.
DHS Risk Lexicon,
September 2008
Possible attack
of a threat agent on assets.
Examples:
·
a
former member of the personnel with little technical ability but possibly
strong motivation, deliberately damages the system software by introducing a
virus, taking advantage of the ease of installing harmful programmes on the
organisation's office network; this could affect, for example, the functions
generating estimates or signature certificates;
·
a
cracker with a good level of expertise, standard equipment and paid for his
actions, steals confidential files by remotely accessing the company's network;
·
a
developer or member of the personnel with a very good level of expertise in
source codes but little ISS knowledge deliberately modifies the source code;
·
a
visitor steals equipment containing confidential information;
·
etc.
[EBIOS:2005]
Standard means
(action or event) by which a threat agent carries out an attack.
Examples:
·
theft
of media or documents;
·
software
entrapment;
·
attack
on availability of personnel;
·
passive
wiretapping;
·
flood;
·
etc.
[EBIOS:2005]
Moyen type (action ou
événement) pour un élément menaçant de réaliser une attaque.
Exemples:
·
vol
de supports ou de documents ;
· piégeage du logiciel ;
·
atteinte
à la disponibilité du personnel ;
· écoute passive ;
· crue ;
· ...
[EBIOS:2005]
Temas relacionados