I have tried to use the threat analysis ThreatsAnalysisWorksheet-24b.xls in order to update PP-D and to discuss with our people for a Production PP. I have realized that the passage from "best practices risk rating" to "threat inclusion into PP rating" is sometimes difficult to explain. Someone from outside has difficulty understanding that a threat with a risk rating of 2.4 was excluded but another one, with a risk rating of 1.9, was considered.

We have discussed a lot about threat inclusion in PPs A, B and C and I don't want to restart this discussion. Our decision for inclusion was based on objective facts, and I have the feeling that we didn't make our decisions (and the facts considered) explicit in order to help people from outside the group understand them.

During the formal risk analysis by environment, we gave some "importance" levels for each of the STREAD classes by environment. I'm wondering if it wouldn't be appropriate to also take into account the asset relevance for that environment.

Let me take an example: we say spoofing has an importance of 3 for environment A and 2 for environment B. My remark is: it depends what you are spoofing! If it is spoofing an administrator for a privileged operation, then the importance should be 3 even for the B environment.

If we decide to take into account the asset value for that environment, it becomes clearer. We may say User Data value is 3 for environment A and has a value of 2 for environment B. Management data value is 3 for both environments.

I have the impression that, when we considered threat inclusion by environment, we made this distinction (the asset value for the environment) and this may partially explain the gap. (Of course, there are also the rules of TOE detection and concentricity, but these rules alone can't completely explain the gap.)

I have tried to apply this rationale (give an asset relevance level by environment) and take it into account for the "overall importance" for each threat in environments A, B, C and D. I have modified the ThreatsAnalysisWorksheet-24b.xls to test this approach (now it is ThreatsAnalysisWorksheet-24c-asset.xls).

I have played with the "asset relevance level" in order to match the threats by PP inclusion (in order to make explicit the decisions taken by the group). Afterwards, I grayed out the threats that we have decided not to take into account due to the "TOE detection rules".

The result is not so bad. The threat inclusion for A and B becomes clearer (with some exceptions that are worth discussing in order to be sure that they were made on purpose and were not an omission). With my understanding of environment D, the results are rather realistic. The only profile without a correct threat matching is C. It is probably due to the fact that I'm not correctly giving asset relevance levels. I'm sure that Nancy and Alain can easily find an explanation.

Don, do you think that it would be possible to find a time slot during the next meeting to have the opinion of the other group members on this approach?

Best regards,
_________________________________________________________
Carmen AUBRY, GSNA, CISSP
Oce Print Logic Technologies S.A. - R&D - http://www.oce.com
Phone: +33 (0)1 48 98 80 22 - Fax: +33 (0)1 48 98 54 50
1, rue Jean Lemoine - BP 113 - 94015 Créteil Cedex - FRANCE
_________________________________________________________

-----Original Message-----
From: Brian Smithson [mailto:Brian.Smithson@RICOH-USA.COM]
Sent: Tuesday, November 14, 2006 2:14 AM
To: STDS-2600@listserv.ieee.org
Subject: [2600] Minor update to Threat Analysis Worksheet

I have posted a minor update to the Threat Analysis worksheet that I posted last week. There was an error in the Objectives tab: data for rows T.TSF.SALVAGE and T.TSF.CRED.GUESS were swapped.

Here's the new one:
http://grouper.ieee.org/groups/2600/presentations/ElSegundo2006/ThreatsAnalysisWorksheet-24b.xls

Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA
Advanced Imaging and Network Technologies
Ricoh Corporation
(408)346-4435

This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message. Thank you for your co-operation.

ThreatsAnalysisWorksheet-24c-asset.xls