Difference between revisions of "Category:Threat Agent"

From OWASP
Line 1: Line 1:
 
This category is for tagging articles related to common application security threat agents.
 
This category is for tagging articles related to common application security threat agents.
 
==What is a threat agent?==
 
  
The term Threat Agent is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.
+
==What is a Threat Agent?==
 +
The term ''Threat Agent'' is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.
  
 
Threat Agent = Capabilities + Intentions + Past Activities
 
Threat Agent = Capabilities + Intentions + Past Activities
 
  
 
These individuals and groups can be classified as follows:
 
These individuals and groups can be classified as follows:
* Non-Target Specific: Non-Target specific Threat Agents are Computer Viruses, Worms, Trojan Horses and Logic Bombs.
+
* Non-Target Specific: Non-Target Specific Threat Agents are computer viruses, worms, trojans and logic bombs.
* Employees: Staff, Contractors, Operational and Maintenance Staff, Security Guard who are annoyed with the company.
+
* Employees: Staff, contractors, operational/maintenance personnel, or security guards who are annoyed with the company.
 
* Organized Crime and Criminals: Criminals target information that is of value to them, such as bank accounts, credit cards or intellectual property that can be converted into money. Criminals will often make use of insiders to help them.
 
* Organized Crime and Criminals: Criminals target information that is of value to them, such as bank accounts, credit cards or intellectual property that can be converted into money. Criminals will often make use of insiders to help them.
* The Corporations: Corporations are engaged in offensive Information Warfare. Partners and Competitors come under this category.
+
* The Corporations: Corporations are engaged in offensive information warfare or competitive intelligence. Partners and competitors come under this category.
* Human Unintentional: Accidents, Carelessness
+
* Human, Unintentional: Accidents, carelessness.
* Human Intentional: Insider, Outsider
+
* Human, Intentional: Insider, outsider.
* Natural: Flood, Fire, Lightning, Meteor, Earthquakes
+
* Natural: Flood, fire, lightning, meteor, earthquakes.
  
 
[[Perform security analysis of system requirements and design (threat modeling)|Threat Risk Modeling]] is an activity to understand the security in an application. The specific vulnerability, related countermeasures, and impact are not required to discuss a threat, because the threat exists even if the target is well protected against it. For example, there is a threat that an attacker could launch a denial of service attack against your application even if you have sufficient defenses in place.
 
[[Perform security analysis of system requirements and design (threat modeling)|Threat Risk Modeling]] is an activity to understand the security in an application. The specific vulnerability, related countermeasures, and impact are not required to discuss a threat, because the threat exists even if the target is well protected against it. For example, there is a threat that an attacker could launch a denial of service attack against your application even if you have sufficient defenses in place.
  
 
All attack articles should follow the [[Threat Agent template]].
 
All attack articles should follow the [[Threat Agent template]].
 +
 +
==References==
 +
# [http://www.ewa-australia.com/infosec-stream2.htm Electronic Warfare Association – Australia]
 +
# Hancock (1998). "Steps to a Successful Creation of a Corporate Threat Management Plan." Computer Fraud & Security 1998 (7): Pg. 16-18.
 +
# Understanding and Developing a Threat Assessment Model, S. Vidalis and A. Blyth, University of Glamorgan.
 +
 +
{{PutInCategory}}
  
 
[[Category:Article Type]]
 
[[Category:Article Type]]
 
[[Category:OWASP Honeycomb Project]]
 
[[Category:OWASP Honeycomb Project]]
 
 
'''== References: =='''<BR>
 
[01] Electronic Warfare Association – Australia (URL: www.ewa-australia.com/infosec-stream2.htm)<BR>
 
[02] Hancock(1998). "Steps to a successful creation of a corporate threat management plan." Computer Fraud & Security 1998(7): Pg. 16-18.<BR>
 
[03] Understanding and Developing a Threat Assessment Model, S Vidalis and A Blyth, University of Glamorgan.<BR>
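Review bot: The unchanged sentence "All attack articles should follow the [[Threat Agent template]]" still says "attack" on a page that categorises Threat Agent articles. Since this revision is already a copy-edit pass, change it to "All Threat Agent articles should follow the [[Threat Agent template]]". In the classification list, the reworded "Employees" bullet and "Human, Intentional: Insider, outsider" still overlap, so a sentence on which one to use when tagging an insider-related article would help. The new first reference also links the source over plain http with no access date, which is worth adding while the References section is being restructured.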
 

Revision as of 19:46, 26 July 2008

This category is for tagging articles related to common application security threat agents.

What is a Threat Agent?

The term Threat Agent is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.

Threat Agent = Capabilities + Intentions + Past Activities

These individuals and groups can be classified as follows:

  • Non-Target Specific: Non-Target Specific Threat Agents are computer viruses, worms, trojans and logic bombs.
  • Employees: Staff, contractors, operational/maintenance personnel, or security guards who are annoyed with the company.
  • Organized Crime and Criminals: Criminals target information that is of value to them, such as bank accounts, credit cards or intellectual property that can be converted into money. Criminals will often make use of insiders to help them.
  • The Corporations: Corporations are engaged in offensive information warfare or competitive intelligence. Partners and competitors come under this category.
  • Human, Unintentional: Accidents, carelessness.
  • Human, Intentional: Insider, outsider.
  • Natural: Flood, fire, lightning, meteor, earthquakes.

Threat Risk Modeling is an activity to understand the security in an application. The specific vulnerability, related countermeasures, and impact are not required to discuss a threat, because the threat exists even if the target is well protected against it. For example, there is a threat that an attacker could launch a denial of service attack against your application even if you have sufficient defenses in place.

All attack articles should follow the Threat Agent template.

References

  1. Electronic Warfare Association – Australia
  2. Hancock (1998). "Steps to a Successful Creation of a Corporate Threat Management Plan." Computer Fraud & Security 1998 (7): Pg. 16-18.
  3. Understanding and Developing a Threat Assessment Model, S. Vidalis and A. Blyth, University of Glamorgan.

How to add a new Threat Agent article

You can follow the instructions to make a new Threat Agent article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Threat Agent category:

[[Category:Threat Agent]]

Subcategories

This category has the following 4 subcategories, out of 4 total.


Pages in category "Threat Agent"

The following 9 pages are in this category, out of 9 total.