Context

IAM

Title

A Classification of IAM Related Incident Classes

Version

1.0

Status
Early Draft

Summary

To measure IAM related incidents, it is necessary to define what an IAM related incident is. This requires a classification of IAM related incident classes. This page is a placeholder for progressively consolidating references to IAM related incident classes.

TODO

  •  Consider moving this classification to a dedicated Incident Classes wiki space to provide plenty of room for documentation and extensions.

Approach

To enable the measurement of IAM related incidents, it is necessary to establish a classification of IAM related incident classes.

...

At this point, this page is a placeholder where

...

references to IAM related incident classes are progressively inventoried. It is by no means complete.

Call for contributions

If you are aware of classes not yet referenced on this page or if you are aware of complementary source references, please let us know and contribute.

...

See Also

...

Classification

Class

Definition

Sources

Phishing

Class: Information Gathering

Attempt to gather information on a user or a system through phishing methods.

Including:

  • Mass emailing aimed at collecting data for phishing purposes with regard to the victims (Dissemination of phishing emails: Art. 7 [H], Art. 7 [G])

  • Hosting web sites for phishing purposes (Hosting of phishing sites: Art. 7 [F])

ENISA and Europol EC3, 2017

Login attempt

Class: Intrusion Attempt and Intrusion

Attempt to log in to services or authentication / access control mechanisms.

Including:

  • Unsuccessful login by using sequential credentials for gaining access to the system (Brute-force attempt: Art. 2, 6 and 11 [A] - Art. 3, 7 and 8 [F])

  • Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys. (Password cracking attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

  • Unsuccessful login by using system access credentials previously loaded into a dictionary. (Dictionary attack attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

ENISA and Europol EC3, 2017

Unauthorised access to a system or component by bypassing an access control system in place.

Class: Intrusion

Type: (Successful) Exploitation of vulnerability

Actual intrusion by exploiting vulnerability in the system, component or network.

Unauthorised access to a system or component by bypassing an access control system in place. (Control system bypass: Art. 2 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Compromising an account

Class: Intrusion

Actual intrusion in a system, component or network by compromising a user or administrator account.

Unauthorised access to a system or component by using stolen access credentials. (Theft of access credentials: Art. 6 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Unauthorised access

Class: Information Security

Unauthorised access to a particular set of information

Unauthorised access to a system or component (Unauthorised access to a system: - Art. 2 [A] - Art. 3 and 7 [F])

Unauthorised access to a set of information (Unauthorised access to information: - Art. 2 [A] - Art. 3 and 7 [F] - Art. 5, 6 and 25 [G])

Unauthorised access to and sharing of a specific set of information (Data exfiltration: - Art. 2 [A])

ENISA and Europol EC3, 2017

Unauthorised modification/deletion

Class: Information Security

Class description: Unauthorised change or elimination of a particular set of information.

Unauthorised changes to a specific set of information (Modification of information: - Art. 4, 7 and 8 [A] - Art. 5 [F])

Unauthorised deleting of a specific set of information (Deleting of information: - Art. 4 [A] - Art. 5 [F])

ENISA and Europol EC3, 2017

Other IAM related incident

Non-IAM related incident