Threat Statement Table Example
|
ID |
Threat Name |
Type Identifier |
Description |
Typical Impact
to Data or System |
||
|
Confidentiality |
Integrity |
Availability |
||||
|
T-1
|
Audit
Compromise |
P |
An
unauthorized user gains access to the audit trail and could cause audit
records to be deleted or modified, or prevents future audit records from
being recorded, thus masking a security relevant event. |
|
Modification or
Destruction |
Unavailable
Accurate Records |
|
T-1
|
Fire |
E, P |
Fire can
be caused by arson, electrical problems, lightning, chemical agents, or other
unrelated proximity fires. |
|
Destruction |
Denial of
Service |
|
T-2
|
Fraud |
P |
Intentional
deception regarding data or information about an information system could
compromise the confidentiality, integrity, or availability of an information
system. |
Disclosure |
Modification or
Destruction |
|
|
T-3
|
Data
Entry Error |
U |
Human
inattention, lack of knowledge, and failure to cross-check system activities
could contribute to errors becoming integrated and ingrained in automated
systems. |
|
Modification |
|
|
T-4
|
Social
Engineering |
P |
An
attacker manipulates people into performing actions or divulging confidential
information, as well as possible access to computer systems or facilities. |
Disclosure |
|
|