|
Dimensions | Associated activities | O | S | D |
|
A1: Identification and access management | A1.1: Loss of secret keys | 5 | 7 | 4 |
A1.2: Cryptanalysis of a ciphered signal | 5 | 5 | 4 |
A1.3: Secret password divulged to any other user | 2 | 7 | 5 |
A1.4: Intentional access to network services, for example, proxy servers | 6 | 5 | 7 |
A1.5: Spoofing: impersonation of a legitimate user | 6 | 5 | 7 |
|
A2: Device and application registration | A2.1: Facility problems | 8 | 7 | 5 |
A2.2: Failure of encryption equipment | 6 | 9 | 5 |
A2.3: Unauthorized use of secure equipment | 6 | 5 | 4 |
A2.4: Ineffective infrastructure investment | 8 | 5 | 4 |
A2.5: Failure of application server | 5 | 4 | 5 |
|
A3: Infrastructure management | A3.1: Cabling problems | 6 | 5 | 4 |
A3.2: Failure of radio platform transmission | 2 | 9 | 4 |
A3.3: Failure of cipher audio (telephone) and video | 2 | 7 | 4 |
A3.4: Failure of sensor networks | 5 | 7 | 2 |
A3.5: Failure of potential of energy | 2 | 7 | 2 |
A3.6: Unauthorized readout of data stored on a remote LAN | 5 | 5 | 4 |
|
A4: Data governance | A4.1: Failure of interpretation and analysis of data | 8 | 9 | 5 |
A4.2: Failure of audit review of implemented policies and information security | 8 | 9 | 4 |
A4.3: Failure to maximize new business value | 8 | 7 | 5 |
A4.4: Failure of real-time demand forecasts | 8 | 7 | 7 |
|