Context: IAM

Title: A Classification of IAM Related Incident Classes

Version: 1.0

Status: Early Draft

Summary

In order to enable the measurement of IAM related, it is necessary to establish a classification of IAM related incident classes. This page is a placeholder in which references to IAM related incident classes are progressively consolidated.

See Also

TODO

  •  Consider moving this classification to a dedicated Incident Classes wiki space to provide plenty of room for documentation and extensions.

Approach

In order to enable the measurement of IAM related, it is necessary to establish a classification of IAM related incident classes. At this point, this page is a placeholder where references to IAM related incident classes are progressively inventoried. It is by no means complete.

...

Class

Definition

Sources

Phishing

Class: Information Gathering

Attempt to gather information on a user or a system through phishing methods.

Including:

  • Mass emailing aimed at collecting data for phishing purposes with regard to the victims (Dissemination of phishing emails: Art. 7 [H], Art. 7 [G])

  • Hosting web sites for phishing purposes (Hosting of phishing sites: Art. 7 [F])

ENISA and Europol EC3, 2017

Login attempt

Class: Intrusion Attempt and Intrusion

Attempt to log in to services or authentication / access control mechanisms.

Including:

  • Unsuccessful login by using sequential credentials for gaining access to the system (Brute-force attempt: Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

  • Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys. (Password cracking attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

  • Unsuccessful login by using system access credentials previously loaded into a dictionary. (Dictionary attack attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

ENISA and Europol EC3, 2017

Unauthorised access to a system or component by bypassing an access control system in place.

Class: Intrusion

Type: (Successful) Exploitation of vulnerability

Actual intrusion by exploiting vulnerability in the system, component or network.

Unauthorised access to a system or component by bypassing an access control system in place. (Control system bypass: Art. 2 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Compromising an account

Class: Intrusion

Actual intrusion in a system, component or network by compromising a user or administrator account.

Unauthorised access to a system or component by using stolen access credentials. (Theft of access credentials: Art. 6 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Unauthorised access

Class: Information Security

Unauthorised access to a particular set of information.

Unauthorised access to a system or component (Unauthorised access to a system: - Art. 2 [A] - Art. 3 and 7 [F])

Unauthorised access to a set of information (Unauthorised access to information: - Art. 2 [A] - Art. 3 and 7 [F] - Art. 5, 6 and 25 [G])

Unauthorised access to and sharing of a specific set of information (Data exfiltration: - Art. 2 [A])

ENISA and Europol EC3, 2017

Unauthorised modification/deletion

Class: Information Security

Class description: Unauthorised change or elimination of a particular set of information.

Unauthorised changes to a specific set of information (Modification of information: - Art. 4, 7 and 8 [A] - Art. 5 [F])

Unauthorised deleting of a specific set of information (Deleting of information: - Art. 4 [A] - Art. 5 [F])

ENISA and Europol EC3, 2017

Other IAM related incident

Non-IAM related incident