|
Dimensions | Associated activities | O | S | D |
|
A1: Identification and access management | A1.1: Loss of secret keys | 4 | 6 | 3 |
A1.2: Cryptanalysis of a ciphered signal | 4 | 4 | 3 |
A1.3: Secret password divulged to any other user | 1 | 6 | 4 |
A1.4: Intentional access to network services, for example, proxy servers | 5 | 4 | 6 |
A1.5: Spoofing: impersonation of a legitimate user | 5 | 4 | 6 |
|
A2: Device and application registration | A2.1: Facility problems | 7 | 6 | 4 |
A2.2: Failure of encryption equipment | 5 | 3 | 4 |
A2.3: Unauthorized use of secure equipment | 5 | 4 | 3 |
A2.4: Ineffective infrastructure investment | 7 | 4 | 3 |
A2.5: Failure of application server | 4 | 3 | 4 |
|
A3: Infrastructure management | A3.1: Cabling problems | 5 | 4 | 3 |
A3.2: Failure of radio platform transmission | 1 | 8 | 3 |
A3.3: Failure of cipher audio (telephone) and video | 1 | 6 | 3 |
A3.4: Failure of sensor networks | 4 | 6 | 1 |
A3.5: Failure of potential of energy | 1 | 6 | 1 |
A3.6: Unauthorized readout of data stored on a remote LAN | 4 | 4 | 3 |
|
A4: Data governance | A4.1: Failure of interpretation and analysis of data | 7 | 8 | 4 |
A4.2: Failure of audit review of implemented policies and information security | 7 | 8 | 3 |
A4.3: Failure to maximize new business value | 7 | 6 | 4 |
A4.4: Failure of real-time demand forecasts | 7 | 6 | 6 |
|