fips191_31
FIPS PUB 191
The degree to which threats are considered will depend on the defined boundary and scope
defined for the risk management process. A high level analysis may point to threats and
vulnerabilities in general terms; a more focused analysis may tie a threat to a specific component
or usage of the LAN. For example a high level analysis may indicate that the consequence due
to loss of data confidentiality through disclosure of information on the LAN is too great a risk.
A more narrowly focused analysis may indicate that the consequence due to disclosure of
personnel data captured and read through LAN transmission is too great a risk. More than likely,
the generality of the threats produced in the high level analysis, will, in the end, produce
safeguard recommendations that will also be high level. This is acceptable if the risk assessment
was scoped at a high level. The more narrowly focused assessment will produce a safeguard that
can specifically reduce a given risk, such as the disclosure of personnel data.
The threats and vulnerabilities discussed in Section 2 may be used as a starting point, with other
sources included where appropriate. New threats and vulnerabilities should be addressed when
they are encountered. Any asset of the LAN that was determined to be important enough (i.e.,
was not filtered through the screening process) should be examined to determine those threats
that could potentially harm it. For more focused assessments, particular attention should be paid
to detailing the ways that these threats could occur. For example, methods of attack that result
in unauthorized access may be from a login session playback, password cracking, the attachment
of unauthorized equipment to the LAN, etc. These specifics provide more information in
determining LAN vulnerabilities and will provide more information for proposing safeguards.
This process may uncover some vulnerabilities that can be corrected by improving LAN
management and operational controls immediately. These improved controls will usually reduce
the risk of the threat by some degree, until such time that more thorough improvements are
planned and implemented. For example, increasing the length and composition of the password
for authentication may be one way to reduce a vulnerability to guessing passwords. Using more
robust passwords is a measure that can be quickly implemented to increases the security of the
LAN. Concurrently, the planning and implementation of a more advanced authentication
mechanism can occur.
Existing LAN security controls should be
Figure 3.4 Assigning Likelihood Measure
The likelihood
of the threat occurring can be
normalized as a value that ranges from 1 to 3. A 1
will indicate a low likelihood, a 2 will indicate a
moderate likelihood and a 3 will indicate a high
likelihood.
analyzed to determine if they are currently
providing adequate protection. These controls
may be technical, procedural, etc. If a control
is not providing adequate protection, it can be
considered a vulnerability. For example, a
LAN operating system may provide access
control to the directory level, rather than the
file level.
For some users, the threat of
compromise of information may be too great not to have file level protection. In this example,
the lack of granularity in the access control could be considered a vulnerability.
33