DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

Slides:



Advertisements
Similar presentations
Requirements Engineering Process
Advertisements

10-1 McGraw-Hill/Irwin Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.
Museum Presentation Intermuseum Conservation Association.
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
DNS Security and Stability Analysis Working Group (DSSA)
1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
Gaining Senior Leadership Support for Continuity of Operations
EMS Checklist (ISO model)
Risk Management Awareness Presentation
Effective Contract Management Planning
Checking & Corrective Action
Environmental Management Systems Refresher
Internal Control–Integrated Framework
Internal Control and Control Risk
Optimize tomorrow today. TM Cost and Affordability approach at Development Planning stage 1.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
Chapter 14 Fraud Risk Assessment.
Course: e-Governance Project Lifecycle Day 1
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Risk Assessment Frameworks
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Session 3 – Information Security Policies
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Information Systems Controls for System Reliability -Information Security-
Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.
SEC835 Database and Web application security Information Security Architecture.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.
Business Crisis and Continuity Management (BCCM) Class Session
DSSA-WG Progress Update Dakar – October Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
Information Systems Security Computer System Life Cycle Security.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Security, Stability & Resiliency of the DNS Review Team (SSR) Interaction with the Community.
1 Process Engineering A Systems Approach to Process Improvement Jeffrey L. Dutton Jacobs Sverdrup Advanced Systems Group Engineering Performance Improvement.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
SecSDLC Chapter 2.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
Responsive Innovation for Disaster Mitigation Gordon A. Gow University of Alberta.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
IIA – Cyber Security Event Cyber Risks James Humbles June 2016.
CS457 Introduction to Information Security Systems
ISSeG Integrated Site Security for Grids WP2 - Methodology
Information Technology Sector
Introduction to the Federal Defense Acquisition Regulation
INFORMATION SYSTEMS SECURITY and CONTROL
Cyber security Policy development and implementation
Cybersecurity Threat Assessment
IT Management Services Infrastructure Services
Presentation transcript:

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012

The DSSA has: Established a cross-constituency working group Clarified the scope of the effort Developed a protocol to handle confidential information Built a risk-assessment framework Developed risk scenarios 2

The DSSA will: Complete the risk assessment Refine the methodology Introduce the framework to a broader audience 3

4 Scope: DSSA & DNRMF The Board DNS Risk Management Framework working group

5 Scope: DSSA & DNRMF The DSSA is focusing on a subset of that framework

6 Scope: DSSA in a broader context DSSA is a part of a much larger SSR ecosystem that includes: Backend registry providers ccTLD registries CERTs DNRMF DNS- OARC ENISA FIRST gTLD registries IANA ICANN Security Team ICANN SOs and ACs IETF ISOC Network Operator Groups NRO RSAC SSAC SSR-RT And ???

7 Compound Sentence Risk Assessment Framework Based on NIST standard Tailored to meet unique ICANN requirements

8 Compound Sentence Risk Assessment Framework An adversarial threat-source (with capability, intent and targeting), OR…

9 Compound Sentence Risk Assessment Framework A non- adversarial threat-source (with a range of effects)…

10 Compound Sentence Risk Assessment Framework In the context of: Predisposing conditions (with varying pervasiveness)…

11 Compound Sentence Risk Assessment Framework … Security controls (both planned and implemented), and…

12 Compound Sentence Risk Assessment Framework … Vulnerabilities (that range in severity)…

13 Compound Sentence Risk Assessment Framework … Could initiate (with varying likelihood of initiation) a Threat Event which (with varying likelihood of impact) could result in…

14 Compound Sentence Risk Assessment Framework Adverse impacts (with varying severity and range)...

15 Compound Sentence Risk Assessment Framework All of which combined create risk to users and providers of the DNS – a combination of the nature of the impact and the likelihood that its effects will be felt.

16 Findings: 5 Broad Risk Scenarios

17 Findings: 5 Broad Risk Scenarios Gaps in policy, management or leadership splits the root

18 Findings: 5 Broad Risk Scenarios Reductive forces (security, risk-mitigation, control through rules, etc.) splits the root

19 Findings: 5 Broad Risk Scenarios Widespread natural disaster brings down the root or a major TLD

20 Findings: 5 Broad Risk Scenarios Attacks exploiting technical vulnerabilities of the DNS bring down the root or a major TLD

21 Findings: 5 Broad Risk Scenarios Inadvertent technical mishap brings down the root or a major TLD

22 Findings: 5 Broad Risk Scenarios Question: Have we missed an important topic? NOTE: If you want to share embarrassing ideas, contact Paul Vixie

23 Next phase Go deep into the five risk topics

24 Next phase Go deep into the five risk topics Refine by doing

25 Next phase Go deep into the five risk topics Refine by doing Finish assessment

26 Questions? Are we on the right track? Have we missed something important?

Detailed slides follow… 27

Adversarial Threat Sources International governance/regulatory bodies Nation states Rogue elements Geo-political groups External parties and contractors Insiders Organized crime Adversarial Threat Sources International governance/regulatory bodies Nation states Rogue elements Geo-political groups External parties and contractors Insiders Organized crime Capability (Adversarial threat sources) Very High -- The adversary has a very sophisticated level of expertise, is well-resourced, and can generate opportunities to support multiple successful, continuous, and coordinated attacks High -- The adversary has a sophisticated level of expertise, with significant resources and opportunities to support multiple successful coordinated attacks Moderate -- The adversary has moderate resources, expertise, and opportunities to support multiple successful attacks Low -- The adversary has limited resources, expertise, and opportunities to support a successful attack Very Low -- The adversary has very limited resources, expertise, and opportunities to support a successful attack Capability (Adversarial threat sources) Very High -- The adversary has a very sophisticated level of expertise, is well-resourced, and can generate opportunities to support multiple successful, continuous, and coordinated attacks High -- The adversary has a sophisticated level of expertise, with significant resources and opportunities to support multiple successful coordinated attacks Moderate -- The adversary has moderate resources, expertise, and opportunities to support multiple successful attacks Low -- The adversary has limited resources, expertise, and opportunities to support a successful attack Very Low -- The adversary has very limited resources, expertise, and opportunities to support a successful attack Intent (Adversarial threat sources) Very High -- The adversary seeks to undermine, severely impede, or destroy the DNS by exploiting a presence in an organization's information systems or infrastructure. The adversary is concerned about disclosure of tradecraft only to the extent that it would impede its ability to complete stated goals High -- The adversary seeks to undermine/impede critical aspects of the DNS, or place itself in a position to do so in the future, by maintaining a presence in an organization's information systems or infrastructure. The adversary is very concerned about minimizing attack detection/disclosure of tradecraft, particularly while preparing for future attacks Moderate -- The adversary actively seeks to obtain or modify specific critical or sensitive DNS information or usurp/disrupt DNS cyber resources by establishing a foothold in an organization's information systems or infrastructure. The adversary is concerned about minimizing attack detection/disclosure of tradecraft, particularly when carrying out attacks over long time periods. The adversary is willing to impede aspects of the DNS to achieve these ends Low -- The adversary seeks to obtain critical or sensitive DNS information or to usurp/disrupt DNS cyber resources, and does so without concern about attack detection/disclosure of tradecraft Very Low -- The adversary seeks to usurp, disrupt, or deface DNS cyber resources, and does so without concern about attack detection/disclosure of tradecraft. Intent (Adversarial threat sources) Very High -- The adversary seeks to undermine, severely impede, or destroy the DNS by exploiting a presence in an organization's information systems or infrastructure. The adversary is concerned about disclosure of tradecraft only to the extent that it would impede its ability to complete stated goals High -- The adversary seeks to undermine/impede critical aspects of the DNS, or place itself in a position to do so in the future, by maintaining a presence in an organization's information systems or infrastructure. The adversary is very concerned about minimizing attack detection/disclosure of tradecraft, particularly while preparing for future attacks Moderate -- The adversary actively seeks to obtain or modify specific critical or sensitive DNS information or usurp/disrupt DNS cyber resources by establishing a foothold in an organization's information systems or infrastructure. The adversary is concerned about minimizing attack detection/disclosure of tradecraft, particularly when carrying out attacks over long time periods. The adversary is willing to impede aspects of the DNS to achieve these ends Low -- The adversary seeks to obtain critical or sensitive DNS information or to usurp/disrupt DNS cyber resources, and does so without concern about attack detection/disclosure of tradecraft Very Low -- The adversary seeks to usurp, disrupt, or deface DNS cyber resources, and does so without concern about attack detection/disclosure of tradecraft. Targeting (Adversarial threat sources) Very High -- The adversary analyzes information obtained via reconnaissance and attacks to persistently target the DNS, focusing on specific high-value or mission- critical information, resources, supply flows, or functions; specific employees or positions; supporting infrastructure providers/suppliers; or partnering organizations High -- The adversary analyzes information obtained via reconnaissance to target persistently target the DNS, focusing on specific high-value or mission-critical information, resources, supply flows, or functions, specific employees supporting those functions, or key positions Moderate -- The adversary analyzes publicly available information to persistently target specific high-value organizations (and key positions, such as Chief Information Officer), programs, or information Low -- The adversary uses publicly available information to target a class of high- value organizations or information, and seeks targets of opportunity within that class Very Low -- The adversary may or may not target any specific organizations or classes of organizations. Targeting (Adversarial threat sources) Very High -- The adversary analyzes information obtained via reconnaissance and attacks to persistently target the DNS, focusing on specific high-value or mission- critical information, resources, supply flows, or functions; specific employees or positions; supporting infrastructure providers/suppliers; or partnering organizations High -- The adversary analyzes information obtained via reconnaissance to target persistently target the DNS, focusing on specific high-value or mission-critical information, resources, supply flows, or functions, specific employees supporting those functions, or key positions Moderate -- The adversary analyzes publicly available information to persistently target specific high-value organizations (and key positions, such as Chief Information Officer), programs, or information Low -- The adversary uses publicly available information to target a class of high- value organizations or information, and seeks targets of opportunity within that class Very Low -- The adversary may or may not target any specific organizations or classes of organizations.

Non-Adversarial Threat Sources Individual And Organizational Sources International governance/regulatory bodies Nation states Privileged users Key providers Root-Related Sources Alternate DNS roots Root scaling (SAC 46) Intentional or accidental results of DNS blocking (SAC 50) Infrastructure-Related Sources Widespread infrastructure failure Key hardware failure Earthquakes Hurricanes Tsunami Blackout/Energy Failure Snowstorm/blizzard/ice-storm Non-Adversarial Threat Sources Individual And Organizational Sources International governance/regulatory bodies Nation states Privileged users Key providers Root-Related Sources Alternate DNS roots Root scaling (SAC 46) Intentional or accidental results of DNS blocking (SAC 50) Infrastructure-Related Sources Widespread infrastructure failure Key hardware failure Earthquakes Hurricanes Tsunami Blackout/Energy Failure Snowstorm/blizzard/ice-storm Range of effect (to DNS providers) (Non-adversarial threat sources) sweeping, involving almost all DNS providers 8 -- extensive, involving most DNS providers (80%?) 5 --wide-ranging, involving a significant portion of DNS providers (30%?) 3 --limited, involving some DNS providers 1 -- minimal, involving few if any DNS providers Range of effect (to DNS providers) (Non-adversarial threat sources) sweeping, involving almost all DNS providers 8 -- extensive, involving most DNS providers (80%?) 5 --wide-ranging, involving a significant portion of DNS providers (30%?) 3 --limited, involving some DNS providers 1 -- minimal, involving few if any DNS providers

Pervasiveness Of Predisposing Conditions That Negatively Impact Risk Very High -- Applies to all organizational missions/business functions 8 -- High -- Applies to most organizational missions/business functions 5 -- Moderate -- Applies to many organizational missions/business functions 3 -- Low -- Applies to some organizational missions/business functions 1 -- Very Low -- Applies to few organizational missions/business functions Pervasiveness Of Predisposing Conditions That Negatively Impact Risk Very High -- Applies to all organizational missions/business functions 8 -- High -- Applies to most organizational missions/business functions 5 -- Moderate -- Applies to many organizational missions/business functions 3 -- Low -- Applies to some organizational missions/business functions 1 -- Very Low -- Applies to few organizational missions/business functions Predisposing Conditions Managerial Legal standing (and relative youth) of ICANN Multi-stakeholder, consensus-based decision-making model Managerial vs. operational vs. technical security skills/focus/resources Definitions of responsibility, accountability, authority between DNS providers Security project and program management skills/capacity Common ("inheritable") vs. hybrid vs. organization/system-specific controls Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Technical Requirement for public access to DNS information Requirements for scaling Predisposing Conditions Managerial Legal standing (and relative youth) of ICANN Multi-stakeholder, consensus-based decision-making model Managerial vs. operational vs. technical security skills/focus/resources Definitions of responsibility, accountability, authority between DNS providers Security project and program management skills/capacity Common ("inheritable") vs. hybrid vs. organization/system-specific controls Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Technical Requirement for public access to DNS information Requirements for scaling Pervasiveness Of Predisposing Conditions That Positively Impact Risk.1 -- Very High -- Applies to all organizational missions/business functions.3 -- High -- Applies to most organizational missions/business functions.5 -- Moderate -- Applies to many organizational missions/business functions.8 -- Low -- Applies to some organizational missions/business functions 1 -- Very Low -- Applies to few organizational missions/business functions Pervasiveness Of Predisposing Conditions That Positively Impact Risk.1 -- Very High -- Applies to all organizational missions/business functions.3 -- High -- Applies to most organizational missions/business functions.5 -- Moderate -- Applies to many organizational missions/business functions.8 -- Low -- Applies to some organizational missions/business functions 1 -- Very Low -- Applies to few organizational missions/business functions

Pervasiveness Of Controls Controls are missing 8 -- Controls are acknowledged as needed 5 -- Controls are planned or being implemented 2 -- Controls are implemented 1 -- Controls are effective Pervasiveness Of Controls Controls are missing 8 -- Controls are acknowledged as needed 5 -- Controls are planned or being implemented 2 -- Controls are implemented 1 -- Controls are effective Controls Management Controls Security Assessment and Authorization Planning Risk Assessment System and Services Acquisition Program Management Operational Controls Awareness and Training Configuration Management Contingency Planning Incident Response Maintenance Media Protection Physical and Environmental Protection Personnel Security System and Information Integrity Technical Controls Access Control Audit and Accountability Identification and Authentication System and Communications Protection Controls Management Controls Security Assessment and Authorization Planning Risk Assessment System and Services Acquisition Program Management Operational Controls Awareness and Training Configuration Management Contingency Planning Incident Response Maintenance Media Protection Physical and Environmental Protection Personnel Security System and Information Integrity Technical Controls Access Control Audit and Accountability Identification and Authentication System and Communications Protection

Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Vulnerabilities arising from missing or ineffective security controls Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Security architectures (e.g., poor architectural decisions resulting in lack of diversity or resiliency in organizational information systems) Operational Infrastructure vulnerabilities Business continuity vulnerabilities Malicious or unintentional (erroneous) alteration of root or TLD DNS configuration information Inadequate training/awareness Inadequate incident-response Technical (Under Discussion) IDN attacks (lookalike characters etc. for standard exploitation techniques) Technical (System And Network) Recursive vs. authoritative nameserver attacks DDOS /spam Technical (Identification And Authentication) Data poisoning (MITM, Cache) Name Chaining (RFC 3833) Betrayal by Trusted Server (RFC 3833) Authority or authentication compromise Packet Interception Man in the middle Eavesdropping combined with spoofed responses Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Vulnerabilities arising from missing or ineffective security controls Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Security architectures (e.g., poor architectural decisions resulting in lack of diversity or resiliency in organizational information systems) Operational Infrastructure vulnerabilities Business continuity vulnerabilities Malicious or unintentional (erroneous) alteration of root or TLD DNS configuration information Inadequate training/awareness Inadequate incident-response Technical (Under Discussion) IDN attacks (lookalike characters etc. for standard exploitation techniques) Technical (System And Network) Recursive vs. authoritative nameserver attacks DDOS /spam Technical (Identification And Authentication) Data poisoning (MITM, Cache) Name Chaining (RFC 3833) Betrayal by Trusted Server (RFC 3833) Authority or authentication compromise Packet Interception Man in the middle Eavesdropping combined with spoofed responses Vulnerability Severity Very High -- Relevant security control or other remediation is not implemented and not planned; or no security measure can be identified to remediate the vulnerability High -- Relevant security control or other remediation is planned but not implemented Moderate -- Relevant security control or other remediation is partially implemented and somewhat effective Low -- Relevant security control or other remediation is fully implemented and somewhat effective Very Low -- Relevant security control or other remediation is fully implemented, assessed, and effective. Vulnerability Severity Very High -- Relevant security control or other remediation is not implemented and not planned; or no security measure can be identified to remediate the vulnerability High -- Relevant security control or other remediation is planned but not implemented Moderate -- Relevant security control or other remediation is partially implemented and somewhat effective Low -- Relevant security control or other remediation is fully implemented and somewhat effective Very Low -- Relevant security control or other remediation is fully implemented, assessed, and effective.

Threat Events Zone does not resolve or is not available Zone is not correct or does not have integrity Threat Events Zone does not resolve or is not available Zone is not correct or does not have integrity Likelihood of initiation (by adversarial threat sources) Very High -- Adversary is almost certain to initiate the threat-event 8 -- High -- Adversary is highly likely to initiate the threat event 5 -- Moderate -- Adversary is somewhat likely to initiate the threat event 2 -- Low -- Adversary is unlikely to initiate the threat event 0 -- Very Low -- Adversary is highly unlikely to initiate the threat event Likelihood of initiation (by adversarial threat sources) Very High -- Adversary is almost certain to initiate the threat-event 8 -- High -- Adversary is highly likely to initiate the threat event 5 -- Moderate -- Adversary is somewhat likely to initiate the threat event 2 -- Low -- Adversary is unlikely to initiate the threat event 0 -- Very Low -- Adversary is highly unlikely to initiate the threat event Likelihood of initiation (by non-adversarial threat sources) Very high -- Error, accident, or act of nature is almost certain to occur; or occurs more than 100 times a year High -- Error, accident, or act of nature is highly likely to occur; or occurs between times a year Moderate -- Error, accident, or act of nature is somewhat likely to occur; or occurs between 1-10 times a year Low -- Error, accident, or act of nature is unlikely to occur; or occurs less than once a year, but more than once every 10 years Very Low -- Error, accident, or act of nature is highly unlikely to occur; or occurs less than once every 10 years. Likelihood of initiation (by non-adversarial threat sources) Very high -- Error, accident, or act of nature is almost certain to occur; or occurs more than 100 times a year High -- Error, accident, or act of nature is highly likely to occur; or occurs between times a year Moderate -- Error, accident, or act of nature is somewhat likely to occur; or occurs between 1-10 times a year Low -- Error, accident, or act of nature is unlikely to occur; or occurs less than once a year, but more than once every 10 years Very Low -- Error, accident, or act of nature is highly unlikely to occur; or occurs less than once every 10 years. Likelihood of impact Very High -- If the threat event is initiated or occurs, it is almost certain to have adverse impacts High -- If the threat event is initiated or occurs, it is highly likely to have adverse impacts Moderate -- If the threat event is initiated or occurs, it is somewhat likely to have adverse impacts Low -- If the threat event is initiated or occurs, it is unlikely to have adverse impacts Very Low -- If the threat event is initiated or occurs, it is highly unlikely to have adverse impacts. Likelihood of impact Very High -- If the threat event is initiated or occurs, it is almost certain to have adverse impacts High -- If the threat event is initiated or occurs, it is highly likely to have adverse impacts Moderate -- If the threat event is initiated or occurs, it is somewhat likely to have adverse impacts Low -- If the threat event is initiated or occurs, it is unlikely to have adverse impacts Very Low -- If the threat event is initiated or occurs, it is highly unlikely to have adverse impacts. DSSA default value

Adverse Impacts Harm To Nations And The World; E.G. Damage to a critical infrastructure sector Loss of government continuity of operations. Relational harms. Damage to trust relationships with other governments or with nongovernmental entities. Damage to national reputation (and hence future or potential trust relationships). Damage to current or future ability to achieve national objectives. Harm To Individuals; E.G. Identity theft (only applies to "loss of integrity" threat-event) Loss of Personally Identifiable Information (only applies to "loss of integrity" threat-event) Injury or loss of life Damage to image or reputation. Harm To Assets; E.G. Damage to or of loss of information assets. Loss of intellectual property (only applies to "loss of integrity" threat-event) Damage to or loss of physical facilities. Damage to or loss of information systems or networks. Damage to or loss of information technology or equipment. Damage to or loss of component parts or supplies. Harm To Operations/Organizations; E.G. Inability to perform current missions/business functions. - In a sufficiently timely manner. - With sufficient confidence and/or correctness. - Within planned resource constraints. Inability, or limited ability, to perform missions/business functions in the future. - Inability to restore missions/business functions. - In a sufficiently timely manner. - With sufficient confidence and/or correctness. - Within planned resource constraints. Harms (e.g., financial costs, sanctions) due to noncompliance. - With applicable laws or regulations. - With contractual requirements or other requirements in other binding agreements. Direct financial costs. Damage to trust relationships or reputation - Damage to trust relationships. - Damage to image or reputation (and hence future or potential trust relationships). Relational harms Adverse Impacts Harm To Nations And The World; E.G. Damage to a critical infrastructure sector Loss of government continuity of operations. Relational harms. Damage to trust relationships with other governments or with nongovernmental entities. Damage to national reputation (and hence future or potential trust relationships). Damage to current or future ability to achieve national objectives. Harm To Individuals; E.G. Identity theft (only applies to "loss of integrity" threat-event) Loss of Personally Identifiable Information (only applies to "loss of integrity" threat-event) Injury or loss of life Damage to image or reputation. Harm To Assets; E.G. Damage to or of loss of information assets. Loss of intellectual property (only applies to "loss of integrity" threat-event) Damage to or loss of physical facilities. Damage to or loss of information systems or networks. Damage to or loss of information technology or equipment. Damage to or loss of component parts or supplies. Harm To Operations/Organizations; E.G. Inability to perform current missions/business functions. - In a sufficiently timely manner. - With sufficient confidence and/or correctness. - Within planned resource constraints. Inability, or limited ability, to perform missions/business functions in the future. - Inability to restore missions/business functions. - In a sufficiently timely manner. - With sufficient confidence and/or correctness. - Within planned resource constraints. Harms (e.g., financial costs, sanctions) due to noncompliance. - With applicable laws or regulations. - With contractual requirements or other requirements in other binding agreements. Direct financial costs. Damage to trust relationships or reputation - Damage to trust relationships. - Damage to image or reputation (and hence future or potential trust relationships). Relational harms Range of Impact Very Broad -- The effects of the threat event are sweeping, involving almost all consumers of the DNS 8 -- Broad -- The effects of the threat event are extensive, involving most of the consumers of the DNS 5 -- Moderate -- The effects of the threat event are substantial, involving a significant portion of the consumers of the DNS 2 -- Low -- The effects of the threat event are limited, involving some consumers of the DNS but involving no critical resources The effects of the threat event are minimal or negligible, involving few if any consumers of the DNS and involving no critical resources.. Range of Impact Very Broad -- The effects of the threat event are sweeping, involving almost all consumers of the DNS 8 -- Broad -- The effects of the threat event are extensive, involving most of the consumers of the DNS 5 -- Moderate -- The effects of the threat event are substantial, involving a significant portion of the consumers of the DNS 2 -- Low -- The effects of the threat event are limited, involving some consumers of the DNS but involving no critical resources The effects of the threat event are minimal or negligible, involving few if any consumers of the DNS and involving no critical resources.. Severity Very Severe -- The threat event could be expected to have multiple severe or catastrophic adverse effects on organizational operations, organizational assets, individuals, other organizations, or the world. And in all cases there would be significant problems for registrants and users in the zone High -- The threat event could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the world Moderate -- The threat event could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals other organizations, or the world Low -- The threat event could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals other organizations, or the world Very Low -- The threat event could be expected to have a negligible adverse effect on organizational operations, organizational assets, individuals other organizations, or the world. Severity Very Severe -- The threat event could be expected to have multiple severe or catastrophic adverse effects on organizational operations, organizational assets, individuals, other organizations, or the world. And in all cases there would be significant problems for registrants and users in the zone High -- The threat event could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the world Moderate -- The threat event could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals other organizations, or the world Low -- The threat event could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals other organizations, or the world Very Low -- The threat event could be expected to have a negligible adverse effect on organizational operations, organizational assets, individuals other organizations, or the world. DSSA default value

Threat Sources Nation states Geo-political groups International governance/regulatory bodies Threat Sources Nation states Geo-political groups International governance/regulatory bodies Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Predisposing Conditions that increase risk Managerial Legal standing (and relative youth) of ICANN Definitions of responsibility, accountability, authority between DNS providers Operational Diverse operational environments and approaches Predisposing Conditions that increase risk Managerial Legal standing (and relative youth) of ICANN Definitions of responsibility, accountability, authority between DNS providers Operational Diverse operational environments and approaches Predisposing Conditions The Reduce Risk Managerial Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions The Reduce Risk Managerial Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Missing or Insufficient Security Controls Management Controls Planning Risk Assessment Program Management Operational Controls Awareness and Training Incident Response Missing or Insufficient Security Controls Management Controls Planning Risk Assessment Program Management Operational Controls Awareness and Training Incident Response Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Threat Sources External parties and contractors -- large content and network providers International governance/regulatory bodies Threat Sources External parties and contractors -- large content and network providers International governance/regulatory bodies Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Vulnerabilities Managerial Interventions from outside the process Poor inter-organizational communications External relationships/dependencies Inconsistent or incorrect decisions about relative priorities of core missions and business functions Lack of effective risk-management activities Mission/business processes (e.g., poorly defined processes, or processes that are not risk-aware) Missing or Insufficient Security Controls Management Controls Planning Risk Assessment Program Management Operational Controls Awareness and Training Missing or Insufficient Security Controls Management Controls Planning Risk Assessment Program Management Operational Controls Awareness and Training Predisposing Conditions That Reduce Risk Managerial Multi-stakeholder, consensus-based decision-making model Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions That Reduce Risk Managerial Multi-stakeholder, consensus-based decision-making model Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions That Increase Risk Managerial Legal standing (and relative youth) of ICANN Managerial vs. operational vs. technical security skills/focus/resources Definitions of responsibility, accountability, authority between DNS providers Predisposing Conditions That Increase Risk Managerial Legal standing (and relative youth) of ICANN Managerial vs. operational vs. technical security skills/focus/resources Definitions of responsibility, accountability, authority between DNS providers Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Threat Sources Blackout/Energy Failure Threat Sources Blackout/Energy Failure Predisposing Conditions That Increase Risk Managerial Contractual Relationships Between Entities Operational Diverse operational environments and approaches Predisposing Conditions That Increase Risk Managerial Contractual Relationships Between Entities Operational Diverse operational environments and approaches Vulnerabilities Managerial Poor inter-organizational communications Lack of effective risk-management activities Operational Infrastructure vulnerabilities Business continuity vulnerabilities Vulnerabilities Managerial Poor inter-organizational communications Lack of effective risk-management activities Operational Infrastructure vulnerabilities Business continuity vulnerabilities Non-Adversarial Threat Sources Infrastructure-Related Sources Widespread infrastructure failure Earthquakes Hurricanes Tsunami Blackout/Energy Failure Snowstorm/blizzard/ice-storm Non-Adversarial Threat Sources Infrastructure-Related Sources Widespread infrastructure failure Earthquakes Hurricanes Tsunami Blackout/Energy Failure Snowstorm/blizzard/ice-storm Predisposing Conditions The Reduce Risk Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions The Reduce Risk Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Missing or Insufficient Security Controls Management Controls Risk Assessment Operational Controls Awareness and Training Configuration Management Contingency Planning Incident Response Physical and Environmental Protection Missing or Insufficient Security Controls Management Controls Risk Assessment Operational Controls Awareness and Training Configuration Management Contingency Planning Incident Response Physical and Environmental Protection Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Adversarial Threat Sources Rogue elements Insiders Adversarial Threat Sources Rogue elements Insiders Vulnerabilities Managerial Security architectures (e.g., poor architectural decisions resulting in lack of diversity or resiliency in organizational information systems) Operational Infrastructure vulnerabilities Inadequate training/awareness Technical Vulnerabilities Vulnerabilities Managerial Security architectures (e.g., poor architectural decisions resulting in lack of diversity or resiliency in organizational information systems) Operational Infrastructure vulnerabilities Inadequate training/awareness Technical Vulnerabilities Missing or Insufficient Security Controls Management Controls Security Assessment and Authorization Operational Controls Configuration Management Incident Response Technical Controls Identification and Authentication System and Communications Protection Missing or Insufficient Security Controls Management Controls Security Assessment and Authorization Operational Controls Configuration Management Incident Response Technical Controls Identification and Authentication System and Communications Protection Predisposing Conditions That Increase Risk Managerial Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions That Increase Risk Managerial Mechanisms for providing (and receiving) risk assurances, and establishing trust-relationships, with external entities Contractual relationships between entities Operational Culture of collaboration built on personal trust relationships Diverse operational environments and approaches Predisposing Conditions That Reduce Risk Managerial Managerial vs. operational vs. technical security skills/focus/resources Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Predisposing Conditions That Reduce Risk Managerial Managerial vs. operational vs. technical security skills/focus/resources Contractual relationships between entities Operational Diverse, distributed system architecture and deployment Emphasis on resiliency and redundancy Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Non-Adversarial Threat Sources Infrastructure-Related Sources Key hardware, software or process failure Non-Adversarial Threat Sources Infrastructure-Related Sources Key hardware, software or process failure Vulnerabilities Managerial Vulnerabilities arising from missing or ineffective security controls Operational Malicious or unintentional (erroneous) alteration of root or TLD DNS configuration information Vulnerabilities Managerial Vulnerabilities arising from missing or ineffective security controls Operational Malicious or unintentional (erroneous) alteration of root or TLD DNS configuration information Missing or Insufficient Security Controls Operational Controls Awareness and Training Incident Response System and Information Integrity Missing or Insufficient Security Controls Operational Controls Awareness and Training Incident Response System and Information Integrity Predisposing Conditions That Reduce Risk Managerial Managerial vs. operational vs. technical security skills/focus/resources Security project and program management skills/capacity Operational Emphasis on resiliency and redundancy Diverse operational environments and approaches Predisposing Conditions That Reduce Risk Managerial Managerial vs. operational vs. technical security skills/focus/resources Security project and program management skills/capacity Operational Emphasis on resiliency and redundancy Diverse operational environments and approaches Predisposing Conditions That Increase Risk Operational Chain of trust single point of failure Technical Reliance on immature or custom built DNSSEC technologies Predisposing Conditions That Increase Risk Operational Chain of trust single point of failure Technical Reliance on immature or custom built DNSSEC technologies Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Threat Events Zone does not resolve or is not available Zone is incorrect or does not have integrity Adverse Impacts In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.