Namespace and predicated added - ENISA Threat Taxonomy A tool for structuring threat information

pull/23/head
Alexandre Dulaunoy 2016-05-20 07:43:26 +02:00
parent 36d2541f6f
commit 57f3472c1a
1 changed files with 49 additions and 0 deletions

49
enisa/machinetag.json Normal file
View File

@ -0,0 +1,49 @@
{
"namespace": "enisa",
"expanded": "ENISA Threat Taxonomy",
"description": "The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.",
"version": 1,
"predicates": [
{
"value": "physical-attack",
"expanded": "Physical attack (deliberate/intentional).",
"description": "Threats of intentional, hostile human actions."
},
{
"value": "unintentional-damage",
"expanded": "Unintentional damage / loss of information or IT assets.",
"description": "Threats of unintentional human actions or errors."
},
{
"value": "disaster",
"expanded": "Disaster (natural, environmental).",
"description": "Threats of damage to information assets caused by natural or environmental factors."
},
{
"value": "failures-malfunction",
"expanded": "Failures/ Malfunction.",
"description": "Threat of failure/malfunction of IT supporting infrastructure (i.e. degradation of quality, improper working parameters, jamming). The cause of a failure is mostly an internal issue (e.g.. overload of the power grid in a building)."
},
{
"value": "outages",
"expanded": "Outages.",
"description": "Threat of complete lack or loss of resources necessary for IT infrastructure. The cause of an outage is mostly an external issue (i.e electricity blackout in the whole city)."
},
{
"value": "eavesdropping-interception-hijacking",
"expanded": "Eavesdropping/ Interception/ Hijacking",
"description": "Threats that alter communication between two parties. These attacks do not have to install additional tools/software on a victim's site."
},
{
"value": "nefarious-activity-abuse",
"expanded": "Nefarious Activity/ Abuse",
"description": "Threats of nefarious activities that require use of tools by the attacker. These attacks require installation of additional tools/software or performing additional steps on the victim's IT infrastructure/software."
},
{
"value": "legal",
"expanded": "Legal",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to legislation."
}
],
"values": null
}