8/17/2019 Supplement to 100-3
Federal Office for Information Security
Postfach 20 03 63
53133 Bonn
Tel. +49 228 99 9582-5369
Email: grundschutz@bsi.bund.de
Internet: http://www.bsi.bund.de
Federal Office for Information Security 2011
Table of Contents
1 Introduction
2 Overview of the Elementary Threats
3 Preparing the Threat Summary
4 Creating User-Defined Modules
5 Further Work Steps
6 Bibliography

Index of Tables
Table 1 Overview of the elementary threats
Table 2 List of the target objects under review (Excerpt)
Table 3 Threat summary for the target object S3 (Excerpt)
Table 4 Threat summary for the target object M.811 (Excerpt)
Table 5 Example for identifying supplementary elementary threats
1 Introduction
The BSI-Standard 100-3
2 Overview of the Elementary Threats
The elementary threats were developed to pursue the goals described in the following. Elementary threats are
- optimised for use in a risk analysis,
- product-independent (always),
- technology-independent (whenever possible; certain technologies dominate the market so strongly that they also influence abstracted threats),
- compatible with comparable international catalogues,
- integrated seamlessly into the IT-Grundschutz approach.
Since the elementary threats should primarily ensure that a risk analysis can be performed efficiently, the focus is on identifying real threats. Threats which focus on insufficient or missing implementation of safeguards, and hence refer to indirect threats, were intentionally avoided.
During development of the elementary threats, it was also taken into consideration which basic parameter of information security (confidentiality, availability, integrity) is affected by each threat. Since this information may be of interest at various stages of the security concept, it is included in the following table. Not all threats correspond to exactly one basic parameter; rather, various threats affect several basic parameters. In the interpretation, each threat directly affects the basic parameter listed in the table next to the corresponding threat. For many threats it is controversial to what extent all three basic parameters are affected by the indirect effects which can be derived from them. Thus, for example, for T 0.1 availability is listed as the only basic parameter affected by fire. A fire could certainly result in storage media suffering only minor damage, so that files are still there at first glance, but there has been a loss of integrity. In another scenario, confidential documents were suddenly disclosed to unauthorised persons during a fire and the related rescue measures. Both cases, however, had only indirect effects on the basic values of confidentiality and integrity; only availability was affected directly.
The following table gives an overview of the elementary threats. Here, A stands for Availability, C for Confidentiality, and I for Integrity.
Threat / Basic Parameter
T 0.01 Fire: I, A
T 0.02 Unfavourable climatic conditions: I, A
T 0.03 Water: I, A
T 0.04 Pollution, dust, corrosion: I, A
T 0.05 Natural disasters: A
T 0.06 Environmental disasters: A
T 0.07 Major events in the environment: C, I, A
T 0.08 Failure or disruption of the power supply: I, A
T 0.09 Failure or disruption of communication networks: I, A
T 0.10 Failure or disruption of mains supply: A
T 0.11 Failure or disruption of service providers: C, I, A
T 0.12 Interfering radiation: I, A
T 0.13 Intercepting compromising emissions: C
T 0.14 Interception of information / espionage: C
T 0.15 Eavesdropping: C
T 0.16 Theft of devices, storage media and documents: C, A
T 0.17 Loss of devices, storage media and documents: C, A
T 0.18 Bad planning or lack of adaptation: C, I, A
T 0.19 Disclosure of sensitive information: C
T 0.20 Information from an unreliable source: C, I, A
T 0.21 Manipulation of hardware and software: C, I, A
T 0.22 Manipulation of information: I
T 0.23 Unauthorised access to IT systems: C, I
T 0.24 Destruction of devices or storage media: A
T 0.25 Failure of devices or systems: A
T 0.26 Malfunction of devices or systems: C, I, A
T 0.27 Lack of resources: A
T 0.28 Software vulnerabilities or errors: C, I, A
T 0.29 Violation of laws or regulations: C, I, A
T 0.30 Unauthorised use or administration of devices and systems: C, I, A
T 0.31 Incorrect use or administration of devices and systems: C, I, A
T 0.32 Abuse of authorisations: C, I, A
T 0.33 Absence of personnel: A
T 0.34 Attack: C, I, A
T 0.35 Coercion, extortion or corruption: C, I, A
T 0.36 Identity theft: C, I, A
T 0.37 Repudiation of actions: C, I
T 0.38 Abuse of personal data: C
T 0.39 Malicious software: C, I, A
T 0.40 Denial of service: A
T 0.41 Sabotage: A
T 0.42 Social Engineering: C, I
T 0.43 Replay of messages: C, I
T 0.44 Unauthorised entry to premises: C, I, A
T 0.45 Data loss: A
T 0.46 Loss of integrity of sensitive information: I
Table 1 Overview of the elementary threats
3 Preparing the Threat Summary
To use the elementary threats when performing a risk analysis, the methodology described in
As a result, a table has been produced in which each target object is assigned a list of relevant elementary threats.
In order to facilitate the subsequent analysis, the table should include the protection requirement for each target object, which was identified in the course of the assessment of protection requirements in relation to the three basic parameters confidentiality, integrity and availability. For the superordinate object "entire information domain", this assignment is not necessary.
This table presents a threat summary for the target objects under review. It serves as a starting point for the subsequent determination of additional threats.
Example (Excerpt)
Communications server S3
Confidentiality: normal
Integrity: high
Availability: high
T 0.8 Failure or disruption of the power supply
T 0.22 Manipulation of information
T 0.23 Unauthorised access to IT systems
T 0.24 Destruction of devices or storage media
T 0.25 Failure of devices or systems
etc.
Table 3: Threat summary for the target object S3 (Excerpt)

Room M.811
Confidentiality: normal
Integrity: normal
Availability: high
T 0.1 Fire
T 0.3 Water
T 0.24 Destruction of devices or storage media (e.g. air-conditioning system)
T 0.41 Sabotage
T 0.44 Unauthorised entry to premises
etc.
Table 4: Threat summary for the target object M.811 (Excerpt)
4 Creating User-Defined Modules
Often during the risk analysis, it becomes necessary to create a user-defined module for a subject area which has not yet been adequately covered by the IT-Grundschutz catalogues, in order to allow modelling of the information domain being reviewed. On the other hand, the IT-Grundschutz catalogues are so comprehensive that, at least for parts of these areas, existing modules from the IT-Grundschutz catalogues can be used as a basis during the risk analysis. In doing so, one should on the one hand stick to the existing materials as far as possible to avoid unnecessary overhead, but on the other hand discuss potential new or enhanced threats as often as possible, in order to avoid overlooking threats. For the subject under consideration, a risk analysis must first be performed.
For this purpose, the elementary threats from the elementary threats catalogue T 0 should be studied carefully for the subject area under review. It should be considered carefully whether they are relevant for each target object, that is, whether they could in principle cause considerable damage to it. To achieve this, every elementary threat must be evaluated in terms of whether it affects the target object in a direct or indirect way, or not at all.
For example, if a specific server operating system is reviewed, the elementary threat T 0.25 Failure of devices or systems is a relevant risk, against which specific security safeguards have to be implemented. At first glance it may, besides the aforementioned, seem necessary to classify the elementary threat T 0.1 Fire as relevant for this target object, with the justification that a fire causes a failure of the server. Here, however, the server failure is a consequence of the fire, i.e. an indirect effect on the hardware. What causes the failure is generally irrelevant for the selection of the necessary security safeguards. An operating system provides no specific preventive measures against fire. Examination of threat T 0.1 Fire would bring no new aspects into the analysis as compared to T 0.25 Failure of devices or systems.
Threat / Basic Parameters / Effect / Relevance / Comments

Threat: T 0.01 Fire
Basic parameters: Availability, Integrity
Effect: Indirect effect
Relevance: Irrelevant
Comments: The threat to an operating system due to fire is indirect; examination of threat T 0.1 Fire covered no new aspects in the analysis as compared to T 0.25 Failure of devices or systems. The indirect threat due to T 0.1 Fire is, among other threats, covered by T 0.25 Failure of devices or systems.

Threat: T 0.09 Failure or disruption of communication networks
Basic parameters: Availability, Integrity
Effect: Indirect effect
Relevance: Irrelevant
Comments: The threat to an operating system due to failure or disruption of communication networks is indirect; examination of threat T 0.9 brought no new aspects in the analysis as compared to T 0.26 Malfunction of devices or systems. An operating system provides no specific preventive measures against T 0.09; the threat is thus not relevant. No specific safeguards are necessary.

Threat: T 0.25 Failure of devices or systems
Basic parameters: Availability
Effect: Direct effect
Relevance: Relevant
Comments: The threat T 0.26 Malfunction of devices or systems has a direct impact on an operating system. Therefore, safeguards against T 0.26 Malfunction of devices or systems have to be examined.

Threat: T 0.26 Malfunction of devices or systems
Basic parameters: Confidentiality, Availability, Integrity
Effect: Direct effect
Relevance: Relevant
Comments: The threat T 0.25 Failure of devices or systems has a direct impact on an operating system. Therefore, safeguards against T 0.26 Failure of devices or systems have to be examined.

Table 5 Example for identifying supplementary elementary threats
In a subsequent brainstorming session, it should be checked whether all relevant threats have been identified this way, i.e. a completeness check carried out as described in BSI Standard 100-3, Chapter 4, Determination of additional threats. For this purpose, it is helpful to gather all relevant information about the audited subject, e.g. from the Internet. It is also worthwhile to look up in the IT-Grundschutz catalogues which existing modules cover subjects or approaches similar to those which need to be defined in a new module, and how they do this. In addition, the auxiliary materials on the IT-Grundschutz web pages should be consulted to check whether similar issues are discussed in the materials available there. On this basis, the threats described in the relevant existing modules should be reviewed as well.
Subsequently, the elementary threats identified as relevant have to be consolidated with the threats from other modules or other sources, and summarised in a threat overview as clearly and accurately as possible.
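The procedure of Sections 3 and 4, worked through in code as an added example that is not part of the BSI supplement: the catalogue excerpt is taken from Table 1, the target objects and the direct/indirect judgements are constructed from Tables 3 and 5, and `high_requirement_threats` is a helper of my own, not a step of the standard.

```python
from dataclasses import dataclass, field

# Constructed excerpt of the elementary threat catalogue T 0 (Table 1):
# threat id -> (title, basic parameters the threat affects directly: C/I/A).
CATALOGUE = {
    "T 0.01": ("Fire", {"I", "A"}),
    "T 0.08": ("Failure or disruption of the power supply", {"I", "A"}),
    "T 0.09": ("Failure or disruption of communication networks", {"I", "A"}),
    "T 0.22": ("Manipulation of information", {"I"}),
    "T 0.23": ("Unauthorised access to IT systems", {"C", "I"}),
    "T 0.24": ("Destruction of devices or storage media", {"A"}),
    "T 0.25": ("Failure of devices or systems", {"A"}),
    "T 0.26": ("Malfunction of devices or systems", {"C", "I", "A"}),
}

@dataclass
class TargetObject:
    name: str
    protection: dict                            # "C"/"I"/"A" -> "normal" | "high" | "very high"
    effect: dict = field(default_factory=dict)  # threat id -> "direct" | "indirect" | "none"

def relevant_threats(obj):
    """Section 4 rule: only threats with a direct effect on the target object are relevant.
    An indirect effect (fire -> server failure) is already covered by the direct threat."""
    unknown = set(obj.effect) - set(CATALOGUE)
    if unknown:  # a threat id that is not in catalogue T 0 is a data-entry error, not a finding
        raise ValueError(f"not in catalogue T 0: {sorted(unknown)}")
    return sorted(t for t, e in obj.effect.items() if e == "direct")

def threat_summary(objects):
    """Section 3 table: object name -> (protection requirements, relevant threat ids)."""
    return {o.name: (dict(o.protection), relevant_threats(o)) for o in objects}

def high_requirement_threats(obj):
    """Helper of my own (not a step of the standard): relevant threats that touch a
    basic parameter whose protection requirement is above normal."""
    raised = {p for p, level in obj.protection.items() if level != "normal"}
    return [t for t in relevant_threats(obj) if CATALOGUE[t][1] & raised]

# Constructed sample data: the S3 excerpt of Table 3 and the operating-system rows of Table 5.
S3 = TargetObject("Communications server S3", {"C": "normal", "I": "high", "A": "high"},
                  {"T 0.01": "indirect", "T 0.08": "direct", "T 0.22": "direct",
                   "T 0.23": "direct", "T 0.24": "direct", "T 0.25": "direct"})
SERVER_OS = TargetObject("Server operating system", {"C": "normal", "I": "normal", "A": "high"},
                         {"T 0.01": "indirect", "T 0.09": "indirect",
                          "T 0.25": "direct", "T 0.26": "direct"})
```

Calling `threat_summary([S3, SERVER_OS])` reproduces the threat ids of Table 3 for S3 and keeps only T 0.25 and T 0.26 for the operating system, exactly as Table 5 argues.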
5 Further Work Steps
According to
6 Bibliography
IT-Grundschutz Catalogues: Standard Security Safeguards, BSI, reissued annually, https://www.bsi.bund.de/EN/Publications/BSIStandards/BSIStandards_node.html