misp-taxonomies/enisa/machinetag.json

935 lines
44 KiB
JSON

{
"values": [
{
"entry": [
{
"description": "Fraud committed by humans.",
"expanded": "Fraud",
"value": "fraud"
},
{
"description": "Fraud committed by employees or others that are in relation with entities, who have access to entities' information and IT assets.",
"expanded": "Fraud committed by employees",
"value": "fraud-by-employees"
},
{
"description": "Intentional actions (non-fulfilment or defective fulfilment of personal duties) aimed to cause disruption or damage to IT assets.",
"expanded": "Sabotage",
"value": "sabotage"
},
{
"description": "Act of physically damaging IT assets.",
"expanded": "Vandalism",
"value": "vandalism"
},
{
"description": "Stealing information or IT assets. Robbery.",
"expanded": "Theft (of devices, storage media and documents)",
"value": "theft"
},
{
"description": "Taking away another person's property in the form of mobile devices, for example smartphones, tablets.",
"expanded": "Theft of mobile devices (smartphones/ tablets)",
"value": "theft-of-mobile-devices"
},
{
"description": "Taking away another person's hardware property (except mobile devices), which often contains business-sensitive data.",
"expanded": "Theft of fixed hardware",
"value": "theft-of-fixed-hardware"
},
{
"description": "Stealing documents from private/company archives, often for the purpose of re-sale or to achieve personal benefits.",
"expanded": "Theft of documents",
"value": "theft-of-documents"
},
{
"description": "Stealing media devices, on which copies of essential information are kept.",
"expanded": "Theft of backups",
"value": "theft-of-backups"
},
{
"description": "Sharing information with unauthorised entities. Loss of information confidentiality due to intentional human actions (e.g., information leak may occur due to loss of paper copies of confidential information).",
"expanded": "Information leak /sharing",
"value": "information-leak-or-unauthorised-sharing"
},
{
"description": "Unapproved access to facility.",
"expanded": "Unauthorized physical access / Unauthorised entry to premises",
"value": "unauthorised-physical-access-or-unauthorised-entry-to-premises"
},
{
"description": "Actions following acts of coercion, extortion or corruption.",
"expanded": "Coercion, extortion or corruption",
"value": "coercion-or-extortion-or-corruption"
},
{
"description": "Threats of direct impact of warfare activities.",
"expanded": "Damage from the warfare",
"value": "damage-from-the-wafare"
},
{
"description": "Threats from terrorists.",
"expanded": "Terrorist attack",
"value": "terrorist-attack"
}
],
"predicate": "physical-attack"
},
{
"entry": [
{
"description": "Information leak / sharing caused by humans, due to their mistakes.",
"expanded": "Information leak /sharing due to human error",
"value": "information-leak-or-sharing-due-to-human-error"
},
{
"value": "accidental-leaks-or-sharing-of-data-by-employees",
"expanded": "Accidental leaks/sharing of data by employees",
"description": "Unintentional distribution of private or sensitive data to an unauthorized entity by a staff member."
},
{
"value": "leaks-of-data-via-mobile-applications",
"expanded": "Leaks of data via mobile applications",
"description": "Threat of leaking private data (a result of using applications for mobile devices)."
},
{
"value": "leaks-of-data-via-web-applications",
"expanded": "Leaks of data via Web applications",
"description": "Threat of leaking important information using web applications."
},
{
"value": "leaks-of-information-transferred-by-network",
"expanded": "Leaks of information transferred by network",
"description": "Threat of eavesdropping of unsecured network traffic."
},
{
"value": "erroneous-use-or-administration-of-devices-and-systems",
"expanded": "Erroneous use or administration of devices and systems",
"description": "Information leak / sharing / damage caused by misuse of IT assets (lack of awareness of application features) or wrong / improper IT assets configuration or management."
},
{
"value": "loss-of-information-due-to-maintenance-errors-or-operators-errors",
"expanded": "Loss of information due to maintenance errors / operators' errors",
"description": "Threat of loss of information by incorrectly performed maintenance of devices or systems or other operator activities."
},
{
"value": "loss-of-information-due-to-configuration-or-installation error",
"expanded": "Loss of information due to configuration/ installation error",
"description": "Threat of loss of information due to errors in installation or system configuration."
},
{
"value": "increasing-recovery-time",
"expanded": "Increasing recovery time",
"description": "Threat of unavailability of information due to errors in the use of backup media and increasing information recovery time."
},
{
"value": "lost-of-information-due-to-user-errors",
"expanded": "Loss of information due to user errors",
"description": "Threat of unavailability of information or damage to IT assets caused by user errors (using IT infrastructure) or IT software recovery time."
},
{
"value": "using-information-from-an-unreliable-source",
"expanded": "Using information from an unreliable source",
"description": "Bad decisions based on unreliable sources of information or unchecked information."
},
{
"value": "unintentional-change-of-data-in-an-information-system",
"expanded": "Unintentional change of data in an information system",
"description": "Loss of information integrity due to human error (information system user mistake)."
},
{
"value": "inadequate-design-and-planning-or-improper-adaptation",
"expanded": "Inadequate design and planning or improper adaptation",
"description": "Threats caused by improper IT assets or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors)."
},
{
"value": "damage-caused-by-a-third-party",
"expanded": "Damage caused by a third party",
"description": "Threats of damage to IT assets caused by third party."
},
{
"value": "security-failure-caused-by-third-party",
"expanded": "Security failure caused by third party",
"description": "Threats of damage to IT assets caused by breach of security regulations by third party."
},
{
"value": "damages-resulting-from-penetration-testing",
"expanded": "Damages resulting from penetration testing",
"description": "Threats to information systems caused by conducting IT penetration tests inappropriately."
},
{
"value": "loss-of-information-in-the-cloud",
"expanded": "Loss of information in the cloud",
"description": "Threats of losing information or data stored in the cloud."
},
{
"value": "loss-of-(integrity-of)-sensitive-information",
"expanded": "Loss of (integrity of) sensitive information",
"description": "Threats of losing information or data, or changing information classified as sensitive."
},
{
"value": "loss-of-integrity-of-certificates",
"expanded": "Loss of integrity of certificates",
"description": "Threat of losing integrity of certificates used for authorisation services"
},
{
"value": "loss-of-devices-and-storage-media-and-documents",
"expanded": "Loss of devices, storage media and documents",
"description": "Threats of unavailability (losing) of IT assets and documents."
},
{
"value": "loss-of-devices-or-mobile-devices",
"expanded": "Loss of devices/ mobile devices",
"description": "Threat of losing mobile devices."
},
{
"value": "loss-of-storage-media",
"expanded": "Loss of storage media",
"description": "Threat of losing data-storage media."
},
{
"value": "loss-of-documentation-of-IT-Infrastructure",
"expanded": "Loss of documentation of IT Infrastructure",
"description": "Threat of losing important documentation."
},
{
"value": "destruction-of-records",
"expanded": "Destruction of records",
"description": "Threats of unavailability (destruction) of data and records (information) stored in devices and storage media."
},
{
"value": "infection-of-removable-media",
"expanded": "Infection of removable media",
"description": "Threat of loss of important data due to using removable media, web or mail infection."
},
{
"value": "abuse-of-storage",
"expanded": "Abuse of storage",
"description": "Threat of loss of records by improper /unauthorised use of storage devices."
}
],
"predicate": "unintentional-damage"
},
{
"predicate": "disaster",
"entry": [
{
"value": "disaster",
"expanded": "Disaster (natural earthquakes, floods, landslides, tsunamis, heavy rains, heavy snowfalls, heavy winds)",
"description": "Large scale natural disasters."
},
{
"value": "fire",
"expanded": "Fire",
"description": "Threat of fire."
},
{
"value": "pollution-dust-corrosion",
"expanded": "Pollution, dust, corrosion",
"description": "Threat of disruption of work of IT systems (hardware) due to pollution, dust or corrosion (arising from the air)."
},
{
"value": "thunderstrike",
"expanded": "Thunderstrike",
"description": "Threat of damage to IT hardware caused by thunder strike (overvoltage)."
},
{
"value": "water",
"expanded": "Water",
"description": "Threat of damage to IT hardware caused by water."
},
{
"value": "explosion",
"expanded": "Explosion",
"description": "Threat of damage to IT hardware caused by explosion."
},
{
"value": "dangerous-radiation-leak",
"expanded": "Dangerous radiation leak",
"description": "Threat of damage to IT hardware caused by radiation leak."
},
{
"value": "unfavourable-climatic-conditions",
"expanded": "Unfavourable climatic conditions",
"description": "Threat of disruption of work of IT systems due to climatic conditions that have a negative effect on hardware."
},
{
"value": "loss-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-heightened-humidity",
"expanded": "Loss of data or accessibility of IT infrastructure as a result of heightened humidity",
"description": "Threat of disruption of work of IT systems due to high humidity."
},
{
"value": "lost-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-very-high-temperature",
"expanded": "Lost of data or accessibility of IT infrastructure as a result of very high temperature",
"description": "Threat of disruption of work of IT systems due to high or low temperature."
},
{
"value": "threats-from-space-or-electromagnetic-storm",
"expanded": "Threats from space / Electromagnetic storm",
"description": "Threats of the negative impact of solar radiation to satellites and radio wave communication systems - electromagnetic storm."
},
{
"value": "wildlife",
"expanded": "Wildlife",
"description": "Threat of destruction of IT assets caused by animals: mice, rats, birds."
}
]
},
{
"predicate": "failures-malfunction",
"entry": [
{
"value": "failure-of-devices-or-systems",
"expanded": "Failure of devices or systems",
"description": "Threat of failure of IT hardware and/or software assets or its parts."
},
{
"value": "failure-of-data-media",
"expanded": "Failure of data media",
"description": "Threat of failure of data media."
},
{
"value": "hardware-failure",
"expanded": "Hardware failure",
"description": "Threat of failure of IT hardware."
},
{
"value": "failure-of-applications-and-services",
"expanded": "Failure of applications and services",
"description": "Threat of failure of software/applications or services."
},
{
"value": "failure-of-parts-of-devices-connectors-plug-ins",
"expanded": "Failure of parts of devices (connectors, plug-ins)",
"description": "Threat of failure of IT equipment or its part."
},
{
"value": "failure-or-disruption-of-communication-links-communication networks",
"expanded": "Failure or disruption of communication links (communication networks)",
"description": "Threat of failure or malfunction of communications links."
},
{
"value": "failure-of-cable-networks",
"expanded": "Failure of cable networks",
"description": "Threat of failure of communications links due to problems with cable network."
},
{
"value": "failure-of-wireless-networks",
"expanded": "Failure of wireless networks",
"description": "Threat of failure of communications links due to problems with wireless networks."
},
{
"value": "failure-of-mobile-networks",
"expanded": "Failure of mobile networks",
"description": "Threat of failure of communications links due to problems with mobile networks."
},
{
"value": "failure-or-disruption-of-main-supply",
"expanded": "Failure or disruption of main supply",
"description": "Threat of failure or disruption of supply required for information systems."
},
{
"value": "failure-or-disruption-of-power-supply",
"expanded": "Failure or disruption of power supply",
"description": "Threat of failure or malfunction of power supply."
},
{
"value": "failure-of-cooling-infrastructure",
"expanded": "Failure of cooling infrastructure",
"description": "Threat of failure of IT assets due to improper work of cooling infrastructure."
},
{
"value": "failure-or-disruption-of-service-providers-supply-chain",
"expanded": "Failure or disruption of service providers (supply chain)",
"description": "Threat of failure or disruption of third party services required for proper operation of information systems."
},
{
"value": "malfunction-of-equipment-devices-or-systems",
"expanded": "Malfunction of equipment (devices or systems)",
"description": "Threat of malfunction of IT hardware and/or software assets or its parts (i.e. improper working parameters, jamming, rebooting)."
}
]
},
{
"predicate": "outages",
"entry": [
{
"value": "absence-of-personnel",
"expanded": "Absence of personnel",
"description": "Unavailability of key personnel and their competences."
},
{
"value": "strike",
"expanded": "Strike",
"description": "Unavailability of staff due to a strike (large scale absence of personnel)."
},
{
"value": "loss-of-support-services",
"expanded": "Loss of support services",
"description": "Unavailability of support services required for proper operation of the information system."
},
{
"value": "internet-outage",
"expanded": "Internet outage",
"description": "Unavailability of the Internet connection."
},
{
"value": "network-outage",
"expanded": "Network outage",
"description": "Unavailability of communication links."
},
{
"value": "outage-of-cable-networks",
"expanded": "Outage of cable networks",
"description": "Threat of lack of communications links due to problems with cable network."
},
{
"value": "Outage-of-short-range-wireless-networks",
"expanded": "Outage of short-range wireless networks",
"description": "Threat of lack of communications links due to problems with wireless networks (802.11 networks, Bluetooth, NFC etc.)."
},
{
"value": "outages-of-long-range-wireless-networks",
"expanded": "Outages of long-range wireless networks",
"description": "Threat of lack of communications links due to problems with mobile networks like cellular network (3G, LTE, GSM etc.) or satellite links."
}
]
},
{
"predicate": "eavesdropping-interception-hijacking",
"entry": [
{
"value": "war-driving",
"expanded": "War driving",
"description": "Threat of locating and possibly exploiting connection to the wireless network."
},
{
"value": "intercepting-compromising-emissions",
"expanded": "Intercepting compromising emissions",
"description": "Threat of disclosure of transmitted information using interception and analysis of compromising emission."
},
{
"value": "interception-of-information",
"expanded": "Interception of information",
"description": "Threat of interception of information which is improperly secured in transmission or by improper actions of staff."
},
{
"value": "corporate-espionage",
"expanded": "Corporate espionage",
"description": "Threat of obtaining information secrets by dishonest means."
},
{
"value": "nation-state-espionage",
"expanded": "Nation state espionage",
"description": "Threats of stealing information by nation state espionage (e.g. China based governmental espionage, NSA from USA)."
},
{
"value": "information-leakage-due-to-unsecured-wi-fi-like-rogue-access-points",
"expanded": "Information leakage due to unsecured Wi-Fi, rogue access points",
"description": "Threat of obtaining important information by insecure network rogue access points etc."
},
{
"value": "interfering-radiation",
"expanded": "Interfering radiation",
"description": "Threat of failure of IT hardware or transmission connection due to electromagnetic induction or electromagnetic radiation emitted by an outside source."
},
{
"value": "replay-of-messages",
"expanded": "Replay of messages",
"description": "Threat in which valid data transmission is maliciously or fraudulently repeated or delayed."
},
{
"value": "network-reconnaissance-network-traffic-manipulation-and-information-gathering",
"expanded": "Network Reconnaissance, Network traffic manipulation and Information gathering",
"description": "Threat of identifying information about a network to find security weaknesses."
},
{
"value": "man-in-the-middle-session-hijacking",
"expanded": "Man in the middle/ Session hijacking",
"description": "Threats that relay or alter communication between two parties."
}
]
},
{
"predicate": "legal",
"entry": [
{
"value": "violation-of-rules-and-regulations-breach-of-legislation",
"expanded": "Violation of rules and regulations / Breach of legislation",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to violation of law or regulations."
},
{
"value": "failure-to-meet-contractual-requirements",
"expanded": "Failure to meet contractual requirements",
"description": "Threat of financial penalty or loss of trust of customers and collaborators due to failure to meet contractual requirements."
},
{
"value": "failure-to-meet-contractual-requirements-by-third-party",
"expanded": "Failure to meet contractual requirements by third party",
"description": "Threat of financial penalty or loss of trust of customers and collaborators due to a third party's failure to meet contractual requirements"
},
{
"value": "unauthorized-use-of-IPR-protected-resources",
"expanded": "Unauthorized use of IPR protected resources",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of IPR protected material (IPR- Intellectual Property Rights."
},
{
"value": "illegal-usage-of-file-sharing-services",
"expanded": "Illegal usage of File Sharing services",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of file sharing services."
},
{
"value": "abuse-of-personal-data",
"expanded": "Abuse of personal data",
"description": "Threat of illegal use of personal data."
},
{
"value": "judiciary-decisions-or-court-order",
"expanded": "Judiciary decisions/court order",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to judiciary decisions/court order."
}
]
},
{
"predicate": "nefarious-activity-abuse",
"entry": [
{
"value": "identity-theft-identity-fraud-account)",
"expanded": "Identity theft (Identity Fraud/ Account)",
"description": "Threat of identity theft action."
},
{
"value": "credentials-stealing-trojans",
"expanded": "Credentials-stealing trojans",
"description": "Threat of identity theft action by malware computer programs."
},
{
"value": "receiving-unsolicited-e-mail",
"expanded": "Receiving unsolicited E-mail",
"description": "Threat of receiving unsolicited email which affects information security and efficiency."
},
{
"value": "spam",
"expanded": "SPAM",
"description": "Threat of receiving unsolicited, undesired, or illegal email messages."
},
{
"value": "unsolicited-infected-e-mails",
"expanded": "Unsolicited infected e-mails",
"description": "Threat emanating from unwanted emails that may contain infected attachments or links to malicious / infected web sites."
},
{
"value": "denial-of-service",
"expanded": "Denial of service",
"description": "Threat of service unavailability due to massive requests for services."
},
{
"value": "distributed-denial-of-network-service-network-layer-attack",
"expanded": "Distributed denial of network service (DDoS) (network layer attack i.e. Protocol exploitation / Malformed packets / Flooding / Spoofing)",
"description": "Threat of service unavailability due to a massive number of requests for access to network services from malicious clients."
},
{
"value": "distributed-denial-of-network-service-application-layer-attack",
"expanded": "Distributed denial of application service (DDoS) (application layer attack i.e. Ping of Death / XDoS / WinNuke / HTTP Floods)",
"description": "Threat of service unavailability due to massive requests sent by multiple malicious clients."
},
{
"value": "distributed-denial-of-network-service-amplification-reflection-attack",
"expanded": "Distributed DoS (DDoS) to both network and application services (amplification/reflection methods i.e. NTP/ DNS /.../ BitTorrent)",
"description": "Threat of creating a massive number of requests, using multiplication/amplification methods."
},
{
"value": "malicious-code-software-activity",
"expanded": "Malicious code/ software/ activity"
},
{
"value": "search-engine-poisoning",
"expanded": "Search Engine Poisoning",
"description": "Threat of deliberate manipulation of search engine indexes."
},
{
"value": "exploitation-of-fake-trust-of-social-media",
"expanded": "Exploitation of fake trust of social media",
"description": "Threat of malicious activities making use of trusted social media."
},
{
"value": "worms-trojans",
"expanded": "Worms/ Trojans",
"description": "Threat of malware computer programs (trojans/worms)."
},
{
"value": "rootkits",
"expanded": "Rootkits",
"description": "Threat of stealthy types of malware software."
},
{
"value": "mobile-malware",
"expanded": "Mobile malware",
"description": "Threat of mobile malware programs."
},
{
"value": "infected-trusted-mobile-apps",
"expanded": "Infected trusted mobile apps",
"description": "Threat of using mobile malware software that is recognised as trusted one."
},
{
"value": "elevation-of-privileges",
"expanded": "Elevation of privileges",
"description": "Threat of exploiting bugs, design flaws or configuration oversights in an operating system or software application to gain elevated access to resources."
},
{
"value": "web-application-attacks-injection-attacks-code-injection-SQL-XSS",
"expanded": "Web application attacks / injection attacks (Code injection: SQL, XSS)",
"description": "Threat of utilizing custom web applications embedded within social media sites, which can lead to installation of malicious code onto computers to be used to gain unauthorized access."
},
{
"value": "spyware-or-deceptive-adware",
"expanded": "Spyware or deceptive adware",
"description": "Threat of using software that aims to gather information about a person or organization without their knowledge."
},
{
"value": "viruses",
"expanded": "Viruses",
"description": "Threat of infection by viruses."
},
{
"value": "rogue-security-software-rogueware-scareware",
"expanded": "Rogue security software/ Rogueware / Scareware",
"description": "Threat of internet fraud or malicious software that mislead users into believing there is a virus on their computer, and manipulates them to pay money for fake removal tool."
},
{
"value": "ransomware",
"expanded": "Ransomware",
"description": "Threat of infection of computer system or device by malware that restricts access to it and demands that the user pay a ransom to remove the restriction."
},
{
"value": "exploits-exploit-kits",
"expanded": "Exploits/Exploit Kits",
"description": "Threat to IT assets due to the use of web available exploits or exploits software."
},
{
"value": "social-engineering",
"expanded": "Social Engineering",
"description": "Threat of social engineering type attacks (target: manipulation of personnel behaviour)."
},
{
"value": "phishing-attacks",
"expanded": "Phishing attacks",
"description": "Threat of an email fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites."
},
{
"value": "spear-phishing-attacks",
"expanded": "Spear phishing attacks",
"description": "Spear-phishing is a targeted e-mail message that has been crafted to create fake trust and thus lure the victim to unveil some business or personal secrets that can be abused by the adversary."
},
{
"value": "abuse-of-information-leakage",
"expanded": "Abuse of Information Leakage",
"description": "Threat of leaking important information."
},
{
"value": "leakage-affecting-mobile-privacy-and-mobile-applications",
"expanded": "Leakage affecting mobile privacy and mobile applications",
"description": "Threat of leaking important information due to using malware mobile applications."
},
{
"value": "leakage-affecting-web-privacy-and-web-applications",
"expanded": "Leakage affecting web privacy and web applications",
"description": "Threat of leakage important information due to using malware web applications."
},
{
"value": "leakage-affecting-network-traffic",
"expanded": "Leakage affecting network traffic",
"description": "Threat of leaking important information in network traffic."
},
{
"value": "leakage-affecting-cloud-computing",
"expanded": "Leakage affecting cloud computing",
"description": "Threat of leaking important information in cloud computing."
},
{
"value": "generation-and-use-of-rogue-certificates",
"expanded": "Generation and use of rogue certificates",
"description": "Threat of use of rogue certificates."
},
{
"value": "loss-of-integrity-of-sensitive-information",
"expanded": "Loss of (integrity of) sensitive information",
"description": "Threat of loss of sensitive information due to loss of integrity."
},
{
"value": "man-in-the-middle-session-hijacking",
"expanded": "Man in the middle / Session hijacking",
"description": "Threat of attack consisting in the exploitation of the web session control mechanism, which is normally managed by a session token."
},
{
"value": "social-engineering-via-signed-malware",
"expanded": "Social Engineering / signed malware",
"description": "Threat of install fake trust signed software (malware) e.g. fake OS updates."
},
{
"value": "fake-SSL-certificates",
"expanded": "Fake SSL certificates",
"description": "Threat of attack due to malware application signed by a certificate that is typically inherently trusted by an endpoint."
},
{
"value": "manipulation-of-hardware-and-software",
"expanded": "Manipulation of hardware and software",
"description": "Threat of unauthorised manipulation of hardware and software."
},
{
"value": "anonymous-proxies",
"expanded": "Anonymous proxies",
"description": "Threat of unauthorised manipulation by anonymous proxies."
},
{
"value": "abuse-of-computing-power-of-cloud-to-launch-attacks-cybercrime-as-a-service)",
"expanded": "Abuse of computing power of cloud to launch attacks (cybercrime as a service)",
"description": "Threat of using large computing powers to generate attacks on demand."
},
{
"value": "abuse-of-vulnerabilities-0-day-vulnerabilities",
"expanded": "Abuse of vulnerabilities, 0-day vulnerabilities",
"description": "Threat of attacks using 0-day or known IT assets vulnerabilities."
},
{
"value": "access-of-web-sites-through-chains-of-HTTP-Proxies-Obfuscation",
"expanded": "Access of web sites through chains of HTTP Proxies (Obfuscation)",
"description": "Threat of bypassing the security mechanism using HTTP proxies (bypassing the website blacklist)."
},
{
"value": "access-to-device-software",
"expanded": "Access to device software",
"description": "Threat of unauthorised manipulation by access to device software."
},
{
"value": "alternation-of-software",
"expanded": "Alternation of software",
"description": "Threat of unauthorized modifications to code or data, attacking its integrity."
},
{
"value": "rogue-hardware",
"expanded": "Rogue hardware",
"description": "Threat of manipulation due to unauthorized access to hardware."
},
{
"value": "manipulation-of-information",
"expanded": "Manipulation of information",
"description": "Threat of intentional data manipulation to mislead information systems or somebody or to cover other nefarious activities (loss of integrity of information)."
},
{
"value": "repudiation-of-actions",
"expanded": "Repudiation of actions",
"description": "Threat of intentional data manipulation to repudiate action."
},
{
"value": "address-space-hijacking-IP-prefixes",
"expanded": "Address space hijacking (IP prefixes)",
"description": "Threat of the illegitimate takeover of groups of IP addresses."
},
{
"value": "routing-table-manipulation",
"expanded": "Routing table manipulation",
"description": "Threat of route packets of network to IP addresses other than that was intended via sender by unauthorised manipulation of routing table."
},
{
"value": "DNS-poisoning-or-DNS-spoofing-or-DNS-Manipulations",
"expanded": "DNS poisoning / DNS spoofing / DNS Manipulations",
"description": "Threat of falsification of DNS information."
},
{
"value": "falsification-of-record",
"expanded": "Falsification of record",
"description": "Threat of intentional data manipulation to falsify records."
},
{
"value": "autonomous-system-hijacking",
"expanded": "Autonomous System hijacking",
"description": "Threat of overtaking by the attacker the ownership of a whole autonomous system and its prefixes despite origin validation."
},
{
"value": "autonomous-system-manipulation",
"expanded": "Autonomous System manipulation",
"description": "Threat of manipulation by the attacker of a whole autonomous system in order to perform malicious actions."
},
{
"value": "falsification-of-configurations",
"expanded": "Falsification of configurations",
"description": "Threat of intentional manipulation due to falsification of configurations."
},
{
"value": "misuse-of-audit-tools",
"expanded": "Misuse of audit tools",
"description": "Threat of nefarious actions performed using audit tools (discovery of security weaknesses in information systems)"
},
{
"value": "misuse-of-information-or-information systems-including-mobile-apps",
"expanded": "Misuse of information/ information systems (including mobile apps)",
"description": "Threat of nefarious action due to misuse of information / information systems."
},
{
"value": "unauthorized-activities",
"expanded": "Unauthorized activities",
"description": "Threat of nefarious action due to unauthorised activities."
},
{
"value": "Unauthorised-use-or-administration-of-devices-and-systems",
"expanded": "Unauthorised use or administration of devices and systems",
"description": "Threat of nefarious action due to unauthorised use of devices and systems."
},
{
"value": "unauthorised-use-of-software",
"expanded": "Unauthorised use of software",
"description": "Threat of nefarious action due to unauthorised use of software."
},
{
"value": "unauthorized-access-to-the-information-systems-or-networks-like-IMPI-Protocol-DNS-Registrar-Hijacking)",
"expanded": "Unauthorized access to the information systems-or-networks (IMPI Protocol / DNS Registrar Hijacking)",
"description": "Threat of unauthorised access to the information systems / network."
},
{
"value": "network-intrusion",
"expanded": "Network Intrusion",
"description": "Threat of unauthorised access to network."
},
{
"value": "unauthorized-changes-of-records",
"expanded": "Unauthorized changes of records",
"description": "Threat of unauthorised changes of information."
},
{
"value": "unauthorized-installation-of-software",
"expanded": "Unauthorized installation of software",
"description": "Threat of unauthorised installation of software."
},
{
"value": "Web-based-attacks-drive-by-download-or-malicious-URLs-or-browser-based-attacks",
"expanded": "Web based attacks (Drive-by download / malicious URLs / Browser based attacks)",
"description": "Threat of installation of unwanted malware software by misusing websites."
},
{
"value": "compromising-confidential-information-like-data-breaches",
"expanded": "Compromising confidential information (data breaches)",
"description": "Threat of data breach."
},
{
"value": "hoax",
"expanded": "Hoax",
"description": "Threat of loss of IT assets security due to cheating."
},
{
"value": "false-rumour-and-or-fake-warning",
"expanded": "False rumour and/or fake warning",
"description": "Threat of disruption of work due to rumours and/or a fake warning."
},
{
"value": "remote-activity-execution",
"expanded": "Remote activity (execution)",
"description": "Threat of nefarious action by attacker remote activity."
},
{
"value": "remote-command-execution",
"expanded": "Remote Command Execution",
"description": "Threat of nefarious action due to remote command execution."
},
{
"value": "remote-access-tool",
"expanded": "Remote Access Tool (RAT)",
"description": "Threat of infection of software that has a remote administration capabilities allowing an attacker to control the victim's computer."
},
{
"value": "botnets-remote-activity",
"expanded": "Botnets / Remote activity",
"description": "Threat of penetration by software from malware distribution."
},
{
"value": "targeted-attacks",
"expanded": "Targeted attacks (APTs etc.)",
"description": "Threat of sophisticated, targeted attack which combine many attack techniques."
},
{
"value": "mobile-malware",
"expanded": "Mobile malware",
"description": "Threat of mobile software that aims to gather information about a person or organization without their knowledge."
},
{
"value": "spear-phishing-attacks",
"expanded": "Spear phishing attacks",
"description": "Threat of attack focused on a single user or department within an organization, coming from someone within the company in a position of trust and requesting information such as login, IDs and passwords."
},
{
"value": "installation-of-sophisticated-and-targeted-malware",
"expanded": "Installation of sophisticated and targeted malware",
"description": "Threat of malware delivered by sophisticated and targeted software."
},
{
"value": "watering-hole-attacks",
"expanded": "Watering Hole attacks",
"description": "Threat of malware residing on the websites which a group often uses."
},
{
"value": "failed-business-process",
"expanded": "Failed business process",
"description": "Threat of damage or loss of IT assets due to improperly executed business process."
},
{
"value": "brute-force",
"expanded": "Brute force",
"description": "Threat of unauthorised access via systematically checking all possible keys or passwords until the correct one is found."
},
{
"value": "abuse-of-authorizations",
"expanded": "Abuse of authorizations",
"description": "Threat of using authorised access to perform illegitimate actions."
}
]
}
],
"predicates": [
{
"description": "Threats of intentional, hostile human actions.",
"expanded": "Physical attack (deliberate/intentional).",
"value": "physical-attack"
},
{
"description": "Threats of unintentional human actions or errors.",
"expanded": "Unintentional damage / loss of information or IT assets.",
"value": "unintentional-damage"
},
{
"description": "Threats of damage to information assets caused by natural or environmental factors.",
"expanded": "Disaster (natural, environmental).",
"value": "disaster"
},
{
"description": "Threat of failure/malfunction of IT supporting infrastructure (i.e. degradation of quality, improper working parameters, jamming). The cause of a failure is mostly an internal issue (e.g.. overload of the power grid in a building).",
"expanded": "Failures/ Malfunction.",
"value": "failures-malfunction"
},
{
"description": "Threat of complete lack or loss of resources necessary for IT infrastructure. The cause of an outage is mostly an external issue (i.e electricity blackout in the whole city).",
"expanded": "Outages.",
"value": "outages"
},
{
"description": "Threats that alter communication between two parties. These attacks do not have to install additional tools/software on a victim's site.",
"expanded": "Eavesdropping/ Interception/ Hijacking",
"value": "eavesdropping-interception-hijacking"
},
{
"description": "Threats of nefarious activities that require use of tools by the attacker. These attacks require installation of additional tools/software or performing additional steps on the victim's IT infrastructure/software.",
"expanded": "Nefarious Activity/ Abuse",
"value": "nefarious-activity-abuse"
},
{
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to legislation.",
"expanded": "Legal",
"value": "legal"
}
],
"version": 201601,
"description": "The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.",
"expanded": "ENISA Threat Taxonomy",
"namespace": "enisa"
}