From 40bf1b806c6c4d051fba2b36ccc919059db6caba Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 24 May 2016 07:45:27 +0200 Subject: [PATCH] More unintentional-damage --- enisa/machinetag.json | 105 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/enisa/machinetag.json b/enisa/machinetag.json index 53e6627..dab33ab 100644 --- a/enisa/machinetag.json +++ b/enisa/machinetag.json @@ -101,6 +101,111 @@ "value": "leaks-of-information-transferred-by-network", "expanded": "Leaks of information transferred by network", "description": "Threat of eavesdropping of unsecured network traffic." + }, + { + "value": "erroneous-use-or-administration-of-devices-and-systems", + "expanded": "Erroneous use or administration of devices and systems", + "description": "Information leak / sharing / damage caused by misuse of IT assets (lack of awareness of application features) or wrong / improper IT assets configuration or management." + }, + { + "value": "loss-of-information-due-to-maintenance-errors-or-operators-errors", + "expanded": "Loss of information due to maintenance errors / operators' errors", + "description": "Threat of loss of information by incorrectly performed maintenance of devices or systems or other operator activities." + }, + { + "value": "loss-of-information-due-to-configuration-or-installation error", + "expanded": "Loss of information due to configuration/ installation error", + "description": "Threat of loss of information due to errors in installation or system configuration." + }, + { + "value": "increasing-recovery-time", + "expanded": "Increasing recovery time", + "description": "Threat of unavailability of information due to errors in the use of backup media and increasing information recovery time." + }, + { + "value": "lost-of-information-due-to-user-errors", + "expanded": "Loss of information due to user errors", + "description": "Threat of unavailability of information or damage to IT assets caused by user errors (using IT infrastructure) or IT software recovery time." + }, + { + "value": "using-information-from-an-unreliable-source", + "expanded": "Using information from an unreliable source", + "description": "Bad decisions based on unreliable sources of information or unchecked information." + }, + { + "value": "unintentional-change-of-data-in-an-information-system", + "expanded": "Unintentional change of data in an information system", + "description": "Loss of information integrity due to human error (information system user mistake)." + }, + { + "value": "inadequate-design-and-planning-or-improper-adaptation", + "expanded": "Inadequate design and planning or improper adaptation", + "description": "Threats caused by improper IT assets or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors)." + }, + { + "value": "damage-caused-by-a-third-party", + "expanded": "Damage caused by a third party", + "description": "Threats of damage to IT assets caused by third party." + }, + { + "value": "security-failure-caused-by-third-party", + "expanded": "Security failure caused by third party", + "description": "Threats of damage to IT assets caused by breach of security regulations by third party." + }, + { + "value": "damages-resulting-from-penetration-testing", + "expanded": "Damages resulting from penetration testing", + "description": "Threats to information systems caused by conducting IT penetration tests inappropriately." + }, + { + "value": "loss-of-information-in-the-cloud", + "expanded": "Loss of information in the cloud", + "description": "Threats of losing information or data stored in the cloud." + }, + { + "value": "loss-of-(integrity-of)-sensitive-information", + "expanded": "Loss of (integrity of) sensitive information", + "description": "Threats of losing information or data, or changing information classified as sensitive." + }, + { + "value": "loss-of-integrity-of-certificates", + "expansed": "Loss of integrity of certificates", + "description": "Threat of losing integrity of certificates used for authorisation services" + }, + { + "value": "loss-of-devices-and-storage-media-and-documents", + "expanded": "Loss of devices, storage media and documents", + "description": "Threats of unavailability (losing) of IT assets and documents." + }, + { + "value": "loss-of-devices-or-mobile-devices", + "expanded": "Loss of devices/ mobile devices", + "description": "Threat of losing mobile devices." + }, + { + "value": "loss-of-storage-media", + "expanded": "Loss of storage media", + "description": "Threat of losing data-storage media." + }, + { + "value": "loss-of-documentation-of-IT-Infrastructure", + "expanded": "Loss of documentation of IT Infrastructure", + "description": "Threat of losing important documentation." + }, + { + "value": "destruction-of-records", + "expanded": "Destruction of records", + "description": "Threats of unavailability (destruction) of data and records (information) stored in devices and storage media." + }, + { + "value": "infection-of-removable-media", + "expanded": "Infection of removable media", + "description": "Threat of loss of important data due to using removable media, web or mail infection." + }, + { + "value": "abuse-of-storage", + "expanded": "Abuse of storage", + "description": "Threat of loss of records by improper /unauthorised use of storage devices." } ], "predicate": "unintentional-damage"