Welcome to NBlog, the NoticeBored blog

Bored of the same old same old? Here's something a bit different.

May 30, 2005

US DoD threat analysis

The US Department of Defense clearly faces some serious information security risks. According to this presentation about security policies by ex-military man and honeynet security guru Lance Spitzner, the DoD recognizes seven levels of threat.

“T1: Inadvertent or accidental events e.g. tripping over the power cord.

T2: Passive, casual adversary with minimal resources who is willing to take little risk e.g. listening.

T3: Adversary with minimal resources who is willing to take significant risk e.g. unsophisticated hackers.

T4: Sophisticated adversary with moderate resources who is willing to take little risk e.g. organized crime, sophisticated hackers, international corporations.

T5: Sophisticated adversary with moderate resources who is willing to take significant risk e.g. international terrorists.

T6: Extremely sophisticated adversary with abundant resources who is willing to take little risk e.g. well-funded national laboratory, nation-state, and international corporation.

T7: Extremely sophisticated adversary with abundant resources who is willing to take extreme risk e.g. nation-states in time of crisis.”

Another way of looking at this is as a maturity model for information security. Is your organization ready to face threats at level T4 or T5? Can you afford to address T6?
More risk management resources
