Supplement to 100-3


  • 8/17/2019 Supplement to 100-3

    1/12


Federal Office for Information Security, Postfach 20 03 63, 53133 Bonn, Tel. +49 22899 9582-5369

E-Mail grundschutz@bsi.bund.de, Internet http://www.bsi.bund.de, Federal Office for Information Security 2011


Table of Contents

1 Introduction ........................................ 4

2 Overview of the Elementary Threats ................... 5

3 Preparing the Threat Summary ........................ 7

4 Creating User-Defined Modules ....................... 9

5 Further Work Steps ................................. 11

6 Bibliography ....................................... 12

Index of Tables

Table 1 Overview of the elementary threats ............................ 6

Table 2 List of the target objects under review (Excerpt) ............. 7

Table 3 Threat summary for the target object S3 (Excerpt) ............. 8

Table 4 Threat summary for the target object M.811 (Excerpt) .......... 8

Table 5 Example for identifying supplementary elementary threats ...... 9

    Federal Office for Information Security 3


    1 Introduction

The BSI-Standard 100-3

    2 Overview of the Elementary Threats

The elementary threats were developed to pursue the goals described in the following. Elementary threats are

- optimised for use in a risk analysis,

- product-independent (always),

- technology-independent (whenever possible; certain technologies dominate the market so strongly that they also influence abstracted threats),

- compatible with comparable international catalogues,

- integrated seamlessly into the IT-Grundschutz approach.

Since the elementary threats should primarily ensure that a risk analysis is performed efficiently, the focus is on identifying real threats. Threats which focus on insufficient or missing implementation of safeguards, and hence refer to indirect threats, were intentionally avoided.

During development of the elementary threats, it was also taken into consideration which basic parameter of information security (confidentiality, availability, integrity) is affected by each threat. Since this information may be of interest at various stages of the security concept, it is included in the following table. Not all threats correspond to exactly one basic parameter; rather, various threats affect several basic parameters. In the interpretation, each threat directly affects the basic parameter listed in the table next to the corresponding threat. In the case of many threats it is controversial to which extent all three basic parameters are affected due to indirect effects which can be derived from it. Thus, for example, in T 0.1 availability is mentioned as the only basic parameter affected by fire. A fire could certainly result in storage media suffering only minor damage, so that files are still there at first glance, but there has been a loss of integrity. In another scenario, during a fire and the related rescue measures confidential documents were suddenly disclosed to unauthorised persons. Both cases had, however, only indirect effects on the basic values of confidentiality and integrity; only availability was affected directly.


The following table gives an overview of the elementary threats. Here, A stands for Availability, C for Confidentiality, and I for Integrity.

Threat                                                              Basic Parameter

T 0.01  Fire                                                        I, A
T 0.02  Unfavourable climatic conditions                            I, A
T 0.03  Water                                                       I, A
T 0.04  Pollution, dust, corrosion                                  I, A
T 0.05  Natural disasters                                           A
T 0.06  Environmental disasters                                     A
T 0.07  Major events in the environment                             C, I, A
T 0.08  Failure or disruption of the power supply                   I, A
T 0.09  Failure or disruption of communication networks             I, A
T 0.10  Failure or disruption of mains supply                       A
T 0.11  Failure or disruption of service providers                  C, I, A
T 0.12  Interfering radiation                                       I, A
T 0.13  Intercepting compromising emissions                         C
T 0.14  Interception of information / espionage                     C
T 0.15  Eavesdropping                                               C
T 0.16  Theft of devices, storage media and documents               C, A
T 0.17  Loss of devices, storage media and documents                C, A
T 0.18  Bad planning or lack of adaptation                          C, I, A
T 0.19  Disclosure of sensitive information                         C
T 0.20  Information from an unreliable source                       C, I, A
T 0.21  Manipulation of hardware and software                       C, I, A
T 0.22  Manipulation of information                                 I
T 0.23  Unauthorised access to IT systems                           C, I
T 0.24  Destruction of devices or storage media                     A
T 0.25  Failure of devices or systems                               A
T 0.26  Malfunction of devices or systems                           C, I, A
T 0.27  Lack of resources                                           A
T 0.28  Software vulnerabilities or errors                          C, I, A
T 0.29  Violation of laws or regulations                            C, I, A
T 0.30  Unauthorised use or administration of devices and systems   C, I, A
T 0.31  Incorrect use or administration of devices and systems      C, I, A
T 0.32  Abuse of authorisations                                     C, I, A
T 0.33  Absence of personnel                                        A
T 0.34  Attack                                                      C, I, A
T 0.35  Coercion, extortion or corruption                           C, I, A
T 0.36  Identity theft                                              C, I, A
T 0.37  Repudiation of actions                                      C, I
T 0.38  Abuse of personal data                                      C
T 0.39  Malicious software                                          C, I, A
T 0.40  Denial of service                                           A
T 0.41  Sabotage                                                    A
T 0.42  Social Engineering                                          C, I
T 0.43  Replay of messages                                          C, I
T 0.44  Unauthorised entry to premises                              C, I, A
T 0.45  Data loss                                                   A
T 0.46  Loss of integrity of sensitive information                  I

Table 1 Overview of the elementary threats


    3 Preparing the Threat Summary

To use the elementary threats when performing a risk analysis, the methodology described in

As a result, a table has been produced in which each target object is assigned a list of relevant elementary threats.

In order to facilitate the subsequent analysis, the table should include the protection requirement for each target object, which was identified in the course of the assessment of protection requirements in relation to the three basic parameters confidentiality, integrity and availability. For the superordinate object "entire information domain", this assignment is not necessary.

This table presents a threat summary for the target objects under review. It serves as a starting point for the subsequent determination of additional threats.

Example (Excerpt)

Communications server S3

Confidentiality: normal
Integrity: high
Availability: high

T 0.8 Failure or disruption of the power supply
T 0.22 Manipulation of information
T 0.23 Unauthorised access to IT systems
T 0.24 Destruction of devices or storage media
T 0.25 Failure of devices or systems
etc.

Table 3: Threat summary for the target object S3 (Excerpt)

Room M.811

Confidentiality: normal
Integrity: normal
Availability: high

T 0.1 Fire
T 0.3 Water
T 0.24 Destruction of devices or storage media (e.g. air-conditioning system)
T 0.41 Sabotage
T 0.44 Unauthorised entry to premises
etc.

Table 4: Threat summary for the target object M.811 (Excerpt)

4 Creating User-Defined Modules

Often during the risk analysis it becomes necessary to create a user-defined module for a subject area which has not yet been adequately covered by the IT-Grundschutz catalogues, in order to allow modelling of the information domain being reviewed. On the other hand, the IT-Grundschutz catalogues are so comprehensive that, at least for parts of these areas, existing modules from the IT-Grundschutz catalogues can be used as a basis during the risk analysis. In doing so, one should on the one hand stick to the existing materials as far as possible to avoid unnecessary overhead, but on the other hand discuss potential new or enhanced threats as often as possible, in order to avoid overlooking threats. For the subject under consideration, a risk analysis must first be performed.

For this purpose, the elementary threats from the elementary threats catalogue T 0 should be studied carefully for the subject area under review. It should be considered carefully whether they are relevant for each target object, that is, whether they could in principle cause considerable damage to it. To achieve this, every elementary threat must be evaluated in terms of whether it affects the target object in a direct or indirect way, or not at all.

For example, if a specific server operating system is reviewed, the elementary threat T 0.25 Failure of devices or systems is a relevant risk, against which specific security safeguards have to be implemented. At first glance it may, besides the aforementioned, seem necessary to classify the elementary threat T 0.1 Fire as relevant for this target object, with the justification that a fire causes a failure of the server. Here, however, the server failure is a consequence of the fire, i.e. an indirect effect on the hardware. What causes the failure is generally irrelevant for the selection of the necessary security safeguards. An operating system provides no specific preventive measures against fire. Examination of threat T 0.1 Fire would bring no new aspects into the analysis as compared to T 0.25 Failure of devices or systems.

Threat: T 0.1 Fire
Basic Parameters: Availability, Integrity
Effect / Relevance: Indirect effect, Irrelevant
Comments: The threat for an operating system due to fire is indirect; examination of threat T 0.1 Fire covered no new aspects in the analysis as compared to T 0.25 Failure of devices or systems. The indirect threat due to T 0.1 Fire is, among other threats, covered by T 0.25 Failure of devices or systems.

Threat: T 0.9 Failure or disruption of communication networks
Basic Parameters: Availability, Integrity
Effect / Relevance: Indirect effect, Irrelevant
Comments: The threat for an operating system due to failure or disruption of communication networks is indirect; examination of threat T 0.9 brought no new aspects in the analysis as compared to T 0.26 Malfunction of devices or systems. An operating system provides no specific preventive measures against T 0.09; the threat is thus not relevant. No specific safeguards are necessary.

Threat: T 0.25 Failure of devices or systems
Basic Parameters: Availability
Effect / Relevance: Direct effect, Relevant
Comments: The threat T 0.26 Malfunction of devices or systems has a direct impact on an operating system. Therefore, safeguards against T 0.26 Malfunction of devices or systems have to be examined.

Threat: T 0.26 Malfunction of devices or systems
Basic Parameters: Confidentiality, Availability, Integrity
Effect / Relevance: Direct effect, Relevant
Comments: The threat T 0.25 Failure of devices or systems has a direct impact on an operating system. Therefore, safeguards against T 0.26 Failure of devices or systems have to be examined.

Table 5 Example for identifying supplementary elementary threats


In a subsequent brainstorming session, it should be checked whether all relevant threats have been identified this way, i.e. a completeness check is carried out as described in BSI-Standard 100-3, Chapter 4, Determination of additional threats. For this purpose, it is helpful to gather all relevant information about the audited subject, e.g. from the Internet. It is also worthwhile to look up in the IT-Grundschutz catalogues which existing modules cover subjects or approaches similar to those which need to be defined in a new module, and how they do this. In addition, auxiliary materials on the IT-Grundschutz web pages should be consulted, to check whether similar issues are discussed in the materials available there. On this basis, the threats described in the relevant existing modules should be reviewed as well.

Subsequently, the elementary threats identified as relevant have to be consolidated with the threats from other modules or other sources, and summarised in a threat overview as clearly and accurately as possible.
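The evaluation procedure of this section (direct / indirect / no effect per elementary threat, indirect effects discounted only when a relevant threat already covers them, then a completeness check before the brainstorming) worked through in added example code. This is not code from the BSI document; the helper names threat_summary and uncovered_parameters, the catalogue excerpt, and the protection requirements of the server operating system are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed excerpt of Table 1: threat id -> (title, basic parameters affected directly)
ELEMENTARY_THREATS = {
    "T 0.1": ("Fire", {"I", "A"}),
    "T 0.9": ("Failure or disruption of communication networks", {"I", "A"}),
    "T 0.22": ("Manipulation of information", {"I"}),
    "T 0.23": ("Unauthorised access to IT systems", {"C", "I"}),
    "T 0.25": ("Failure of devices or systems", {"A"}),
    "T 0.26": ("Malfunction of devices or systems", {"C", "I", "A"}),
}

@dataclass
class TargetObject:
    name: str
    protection: dict  # basic parameter -> "normal" | "high" | "very high"
    effect: dict      # threat id -> "direct" | "indirect" | "none"
    covered_by: dict = field(default_factory=dict)  # indirect threat -> threat that covers it

def threat_summary(obj: TargetObject) -> dict:
    """Relevance verdict per catalogue threat (hypothetical helper, not BSI code).
    Direct effect: relevant. Indirect effect: irrelevant only when a direct, relevant
    threat covers it (the Table 5 rule); otherwise 'open' for the brainstorming step."""
    verdicts = {}
    for tid in ELEMENTARY_THREATS:
        eff = obj.effect.get(tid, "none")
        if eff == "direct":
            verdicts[tid] = "relevant"
        elif eff == "indirect":
            cov = obj.covered_by.get(tid)
            if cov is not None and obj.effect.get(cov) == "direct":
                verdicts[tid] = f"irrelevant (covered by {cov})"
            else:
                verdicts[tid] = "open"
        else:
            verdicts[tid] = "not applicable"
    return verdicts

def uncovered_parameters(obj: TargetObject, verdicts: dict) -> set:
    """Completeness check: basic parameters with a protection requirement above
    'normal' that no relevant threat addresses directly (input for the brainstorming)."""
    addressed = set()
    for tid, verdict in verdicts.items():
        if verdict == "relevant":
            addressed |= ELEMENTARY_THREATS[tid][1]
    return {p for p, level in obj.protection.items() if level != "normal" and p not in addressed}

# The server operating system of Table 5 as constructed input (protection levels assumed)
server_os = TargetObject("Server operating system", {"C": "normal", "I": "high", "A": "high"},
    {"T 0.1": "indirect", "T 0.9": "indirect", "T 0.25": "direct", "T 0.26": "direct"},
    {"T 0.1": "T 0.25", "T 0.9": "T 0.26"})
```

An indirect threat whose covering threat is itself not classified as direct stays "open" rather than being silently dropped, which is the case the brainstorming session is meant to catch.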


5 Further Work Steps

According to

6 Bibliography

IT-Grundschutz catalogues, Standard Security Safeguards, BSI, reissued annually, https://www.bsi.bund.de/EN/Publications/BSIStandards/BSIStandards_node.html
