A Classification of IAM Related Incident Classes (Research Note - IAM)

Context	IAM
Title	A Classification of IAM Related Incident Classes
Version	`1.0` EARLY DRAFT
Summary	In order to enable the measurement of IAM related, it is necessary to establish a classification of IAM related incident classes. This page is a placeholder where to progressively consolidate references to IAM related incident classes.
See Also
TODO

Approach

In order to enable the measurement of IAM related, it is necessary to establish a classification of IAM related incident classes. At this point, this page is a placeholder where references to IAM related incident classes are progressively inventories. It is by no mean complete.

Call for contributions

If you are aware of classes not yet referenced on this page or if you are aware of complementary source references, please let us know and contribute.

Classification

Class

Definition

Comments

Sources

Information Gathering - Phishing

Attempt to gather information on a user or a system through phishing methods.

Including;

Mass emailing aimed at collecting data for phishing purposes with regard to the victims.
Hosting web sites for phishing purposes.

ENISA and Europol EC3, 2017

Intrusion Attempt and Intrusion - Login attempt

Attempt to log in to services or authentication / access control mechanisms.

Including:

Unsuccessful login by using sequential credentials for gaining access to the system (Brute-force attempt:, Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])
Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys. (Password cracking attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])
Unsuccessful login by using system access credentials previously loaded into a dictionary. (Dictionary attack attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

ENISA and Europol EC3, 2017