Kevin Thompson edited this page Jun 3, 2014 · 4 revisions

This section describes the information assets that were compromised during the incident. “Compromised” refers to any loss of confidentiality/possession, integrity/authenticity, or availability/utility (the primary security attributes). Naturally, an incident can involve multiple assets and affect multiple attributes of those assets.

The assets affected in the incident are modeled in an array called assets. Each item in the array is an object consisting of a variety and, optionally, the number of assets of that variety that were affected. Other variables in this field record the ownership and management of the assets and whether or not cloud hosting was a factor in the incident.

Asset.assets

The list of affected organizational assets is called 'assets' and is represented as an array of items in the 'asset' root field. Just remember that the incident has one asset object and within that object is a list of affected assets. Each item in the list must have one variety and may also have an amount listed.

Asset.assets.x.variety

Select one for each object in the assets array

  • M - Disk drive: Media - Hard disk drive
  • M - Disk media: Media - Disk media (e.g. CDs DVDs)
  • M - Documents: Media - Documents
  • M - Flash drive: Media - Flash drive or card
  • M - Other: Media - Other/Unknown
  • M - Payment card: Media - Payment card (e.g. magstripe EMV)
  • M - Smart card: Media - Identity smart card
  • M - Tapes: Media - Backup tapes
  • N - Access reader: Network - Access control reader (e.g. badge biometric)
  • N - Broadband: Network - Mobile broadband network
  • N - Camera: Network - Camera or surveillance system
  • N - Firewall: Network - Firewall
  • N - HSM: Network - Hardware security module (HSM)
  • N - IDS: Network - IDS or IPS
  • N - LAN: Network - Wired LAN
  • N - Other: Network - Other/Unknown
  • N - PBX: Network - Private branch exchange (PBX)
  • N - PLC: Network - Programmable logic controller (PLC)
  • N - Private WAN: Network - Private WAN
  • N - Public WAN: Network - Public WAN
  • N - RTU: Network - Remote terminal unit (RTU)
  • N - Router or switch: Network - Router or switch
  • N - SAN: Network - Storage area network (SAN)
  • N - Telephone: Network - Telephone
  • N - VoIP adapter: Network - VoIP adapter
  • N - WLAN: Network - Wireless LAN
  • P - Auditor: People - Auditor
  • P - Call center: People - Call center
  • P - Cashier: People - Cashier
  • P - Customer: People - Customer
  • P - Developer: People - Developer
  • P - End-user: People - End-user
  • P - Executive: People - Executive
  • P - Finance: People - Finance
  • P - Former employee: People - Former employee
  • P - Guard: People - Guard
  • P - Helpdesk: People - Helpdesk
  • P - Human resources: People - Human resources
  • P - Maintenance: People - Maintenance
  • P - Manager: People - Manager
  • P - Other: People - Other/Unknown
  • P - Partner: People - Partner
  • P - System admin: People - Administrator
  • S - Authentication: Server - Authentication
  • S - Backup: Server - Backup
  • S - Code repository: Server - Code repository
  • S - DCS: Server - Distributed control system (DCS)
  • S - DHCP: Server - DHCP
  • S - DNS: Server - DNS
  • S - Database: Server - Database
  • S - Directory: Server - Directory (LDAP AD)
  • S - File: Server - File
  • S - Log: Server - Log or event management
  • S - Mail: Server - Mail
  • S - Mainframe: Server - Mainframe
  • S - Other: Server - Other/Unknown
  • S - POS controller: Server - POS controller
  • S - Payment switch: Server - Payment switch or gateway
  • S - Print: Server - Print
  • S - Proxy: Server - Proxy
  • S - Remote access: Server - Remote access
  • S - SCADA: Server - SCADA system
  • S - VM host: Server - Virtual Host
  • S - Web application: Server - Web application
  • S - Unknown: Server - Unknown
  • T - ATM: Public Terminal - Automated Teller Machine (ATM)
  • T - Gas terminal: Public Terminal - Gas "pay-at-the-pump" terminal
  • T - Kiosk: Public Terminal - Self-service kiosk
  • T - Other: Public Terminal - Other/Unknown
  • T - PED pad: Public Terminal - Detached PIN pad or card reader
  • U - Auth token: User Device - Authentication token or device
  • U - Desktop: User Device - Desktop or workstation
  • U - Laptop: User Device - Laptop
  • U - Media: User Device - Media player or recorder
  • U - Mobile phone: User Device - Mobile phone or smartphone
  • U - Other: User Device - Other/Unknown
  • U - POS terminal: User Device - POS terminal
  • U - Peripheral: User Device - Peripheral (e.g. printer copier fax)
  • U - Tablet: User Device - Tablet
  • U - Telephone: User Device - Telephone
  • U - VoIP phone: User Device - VoIP phone
  • Unknown: Unknown

Asset.assets.x.amount

This is the number of assets of that particular variety that were affected.

Asset.cloud

Question text: Did the use of cloud computing or hosted IT services contribute to the incident?
Purpose: Understanding if outsourced information technology services contribute to information security incidents.

Values

Multi-select: choose all that apply

  • Customer attack: Penetration of another web site on shared device
  • Hosting error: Misconfiguration or error by hosting provider
  • Hosting governance: Lack of security process or procedure by hosting provider
  • Hypervisor: Hypervisor break-out attack
  • Partner application: Application vulnerability in partner-developed application
  • User breakout: Elevation of privilege by another customer in shared environment
  • Other: Other
  • Unknown: Unknown
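
A validator for the asset section as described above, checking each item's variety and amount and the cloud multi-select against the lists on this page. This is an added example, not code from the VERIS project; the lowercase JSON keys (`assets`, `variety`, `amount`, `cloud`), the treatment of amount as a non-negative integer, and the sample record are assumptions.

```python
# Enumerations copied from the lists on this page: category prefix -> names.
VARIETIES = {
    "M": "Disk drive|Disk media|Documents|Flash drive|Other|Payment card|Smart card|Tapes",
    "N": "Access reader|Broadband|Camera|Firewall|HSM|IDS|LAN|Other|PBX|PLC|Private WAN|"
         "Public WAN|RTU|Router or switch|SAN|Telephone|VoIP adapter|WLAN",
    "P": "Auditor|Call center|Cashier|Customer|Developer|End-user|Executive|Finance|Guard|"
         "Former employee|Helpdesk|Human resources|Maintenance|Manager|Other|Partner|System admin",
    "S": "Authentication|Backup|Code repository|DCS|DHCP|DNS|Database|Directory|File|"
         "Log|Mail|Mainframe|Other|POS controller|Payment switch|Print|Proxy|"
         "Remote access|SCADA|VM host|Web application|Unknown",
    "T": "ATM|Gas terminal|Kiosk|Other|PED pad",
    "U": "Auth token|Desktop|Laptop|Media|Mobile phone|Other|POS terminal|Peripheral|"
         "Tablet|Telephone|VoIP phone",
}
VALID_VARIETY = {"Unknown"} | {
    f"{cat} - {name}" for cat, names in VARIETIES.items() for name in names.split("|")}
VALID_CLOUD = {"Customer attack", "Hosting error", "Hosting governance", "Hypervisor",
               "Partner application", "User breakout", "Other", "Unknown"}

def validate_asset(asset):
    """Return a list of problems found in one incident's 'asset' object."""
    items, cloud, errors = asset.get("assets"), asset.get("cloud", []), []
    if not isinstance(items, list):
        return ["asset.assets: must be an array"]
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            errors.append(f"asset.assets.{i}: must be an object")
            continue
        variety, amount = item.get("variety"), item.get("amount")
        if not isinstance(variety, str) or variety not in VALID_VARIETY:
            errors.append(f"asset.assets.{i}.variety: {variety!r} is not a listed value")
        # Assumption: amount is a non-negative integer; bool is an int subclass in Python.
        if amount is not None and (type(amount) is not int or amount < 0):
            errors.append(f"asset.assets.{i}.amount: {amount!r} is not a valid count")
    if not isinstance(cloud, list):
        return errors + ["asset.cloud: must be an array (multi-select)"]
    for value in cloud:
        if not isinstance(value, str) or value not in VALID_CLOUD:
            errors.append(f"asset.cloud: {value!r} is not a listed value")
    return errors

# Constructed sample record (not real incident data): two valid items, one bad item.
SAMPLE = {"assets": [{"variety": "S - Database", "amount": 2}, {"variety": "U - Laptop"},
                     {"variety": "S - Databse", "amount": -1}],
          "cloud": ["Hosting error", "Hypervisor breakout"]}

if __name__ == "__main__":
    for problem in validate_asset(SAMPLE):
        print(problem)
```

Running a check like this at ingestion keeps misspelled varieties and free-text cloud values from silently splitting counts when incidents are later aggregated by asset type.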

Asset.country

Asset.governance