In computer security, a countermeasure
is an action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by
minimizing the harm it can cause, or by discovering and reporting it so
that corrective action can be taken.
This definition is from IETF RFC 2828 and is the same as that in
CNSS Instruction No. 4009, dated 26 April 2010, by the
Committee on National Security Systems of the United States of America.
According to the Glossary by InfosecToday, the meaning of countermeasure is:
- The deployment of a set of security services to protect against a security threat.
A synonym is security control. In telecommunications, communication countermeasures are defined as security services as part of the OSI Reference Model
by the ITU-T X.800 Recommendation. X.800 and ISO 7498-2 (Information
processing systems – Open systems interconnection – Basic Reference
Model – Part 2: Security architecture) are technically aligned.
The following picture explains the relationships between these concepts and terms:

    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
    | An Attack:              |  |Counter- |  | A System Resource:   |
    | i.e., A Threat Action   |  | measure |  | Target of the Attack |
    | +----------+            |  |         |  | +-----------------+  |
    | | Attacker |<==================||<=========                 |  |
    | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
    | | A Threat |<=================>||<========>                 |  |
    | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
    | +----------+   Attack   |  |         |  |         VVV          |
    |                         |  |         |  | Threat Consequences  |
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (either physical or logical) can have one or more
vulnerabilities that can be exploited by a threat agent in a threat
action. The result can potentially compromise the confidentiality,
integrity or availability
properties of resources (potentially different from the vulnerable one)
of the organization and other involved parties (customers, suppliers).
The so-called CIA triad is the basis of information security.
An attack is "active" when it attempts to alter system resources
or affect their operation, so it compromises integrity or availability.
A "passive attack" attempts to learn or make use of information from
the system but does not affect system resources, so it compromises
confidentiality.
A Threat is a potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could breach
security and cause harm. That is, a threat is a possible danger that
might exploit a vulnerability. A threat can be either "intentional"
(i.e., intelligent; e.g., an individual cracker or a criminal
organization) or "accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of an "act of God" such as an
earthquake, a fire, or a tornado).
A set of policies concerned with information security management, the
information security management systems (ISMS), has been developed to
manage, according to risk management
principles, the countermeasures in order to accomplish a security
strategy set up following the rules and regulations applicable in a country.