Date: May 6, 2024, 8:37:29 AM
Date: Aug 3, 2022, 11:34:34 AM
Editor: Juan
Name:
Name: Internet of Things - IoT [EN]
Description:
Description: Object composed by the assets that are on a classical architecture of an IoT
| t | 1 | {} | t | 1 | { |
| 2 | "object": { | ||||
| 3 | "asset": { | ||||
| 4 | "amvs": [], | ||||
| 5 | "asset": { | ||||
| 6 | "code": "CONT", | ||||
| 7 | "description": "Asset container", | ||||
| 8 | "label": "Container", | ||||
| 9 | "language": "EN", | ||||
| 10 | "type": "Primary", | ||||
| 11 | "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", | ||||
| 12 | "version": 0 | ||||
| 13 | }, | ||||
| 14 | "measures": [], | ||||
| 15 | "threats": [], | ||||
| 16 | "vuls": [] | ||||
| 17 | }, | ||||
| 18 | "children": [ | ||||
| 19 | { | ||||
| 20 | "asset": { | ||||
| 21 | "amvs": [ | ||||
| 22 | { | ||||
| 23 | "asset": "4447ebac-6831-4617-a653-4aedfe235faf", | ||||
| 24 | "threat": "b402d5f5-4576-11e9-9173-0800277f0571", | ||||
| 25 | "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", | ||||
| 26 | "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
| 27 | } | ||||
| 28 | ], | ||||
| 29 | "asset": { | ||||
| 30 | "code": "OV_IOT_ACTUATORS", | ||||
| 31 | "description": "", | ||||
| 32 | "label": "IoT - Actuators", | ||||
| 33 | "language": "EN", | ||||
| 34 | "type": "Secondary", | ||||
| 35 | "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", | ||||
| 36 | "version": 0 | ||||
| 37 | }, | ||||
| 38 | "measures": [], | ||||
| 39 | "threats": [ | ||||
| 40 | { | ||||
| 41 | "a": false, | ||||
| 42 | "c": false, | ||||
| 43 | "code": "MDA18", | ||||
| 44 | "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", | ||||
| 45 | "i": true, | ||||
| 46 | "label": "Data from untrustworthy sources", | ||||
| 47 | "language": "EN", | ||||
| 48 | "theme": "Compromise of information", | ||||
| 49 | "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" | ||||
| 50 | } | ||||
| 51 | ], | ||||
| 52 | "vuls": [ | ||||
| 53 | { | ||||
| 54 | "code": "1094", | ||||
| 55 | "description": "", | ||||
| 56 | "label": "The system allows information to be sent and received without authentication of the senders or recipients", | ||||
| 57 | "language": "EN", | ||||
| 58 | "mode": 0, | ||||
| 59 | "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
| 60 | } | ||||
| 61 | ] | ||||
| 62 | }, | ||||
| 63 | "children": [], | ||||
| 64 | "object": { | ||||
| 65 | "label": "Actuator", | ||||
| 66 | "language": "EN", | ||||
| 67 | "name": "Actuator", | ||||
| 68 | "scope": "local", | ||||
| 69 | "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", | ||||
| 70 | "version": 0 | ||||
| 71 | }, | ||||
| 72 | "rolfRisks": [], | ||||
| 73 | "rolfTags": [] | ||||
| 74 | }, | ||||
| 75 | { | ||||
| 76 | "asset": { | ||||
| 77 | "amvs": [ | ||||
| 78 | { | ||||
| 79 | "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", | ||||
| 80 | "threat": "b402d5af-4576-11e9-9173-0800277f0571", | ||||
| 81 | "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", | ||||
| 82 | "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" | ||||
| 83 | } | ||||
| 84 | ], | ||||
| 85 | "asset": { | ||||
| 86 | "code": "OV_IOT_DEVICE", | ||||
| 87 | "description": "", | ||||
| 88 | "label": "IoT - Physical part of the IoT", | ||||
| 89 | "language": "EN", | ||||
| 90 | "type": "Secondary", | ||||
| 91 | "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", | ||||
| 92 | "version": 0 | ||||
| 93 | }, | ||||
| 94 | "measures": [], | ||||
| 95 | "threats": [ | ||||
| 96 | { | ||||
| 97 | "a": true, | ||||
| 98 | "c": true, | ||||
| 99 | "code": "MD36", | ||||
| 100 | "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.", | ||||
| 101 | "i": false, | ||||
| 102 | "label": "Theft or destruction of media, documents or equipment", | ||||
| 103 | "language": "EN", | ||||
| 104 | "theme": "Compromise of information", | ||||
| 105 | "uuid": "b402d5af-4576-11e9-9173-0800277f0571" | ||||
| 106 | } | ||||
| 107 | ], | ||||
| 108 | "vuls": [ | ||||
| 109 | { | ||||
| 110 | "code": "1183", | ||||
| 111 | "description": "Can unauthorised persons access information without physical barriers?Is it easy to access? Are the premises public? Is there a passage or corridor nearby?", | ||||
| 112 | "label": "Persons without a service reason can gain access", | ||||
| 113 | "language": "EN", | ||||
| 114 | "mode": 0, | ||||
| 115 | "uuid": "69fc0555-4591-11e9-9173-0800277f0571" | ||||
| 116 | } | ||||
| 117 | ] | ||||
| 118 | }, | ||||
| 119 | "children": [], | ||||
| 120 | "object": { | ||||
| 121 | "label": "Device", | ||||
| 122 | "language": "EN", | ||||
| 123 | "name": "Device", | ||||
| 124 | "scope": "local", | ||||
| 125 | "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", | ||||
| 126 | "version": 0 | ||||
| 127 | }, | ||||
| 128 | "rolfRisks": [], | ||||
| 129 | "rolfTags": [] | ||||
| 130 | }, | ||||
| 131 | { | ||||
| 132 | "asset": { | ||||
| 133 | "amvs": [ | ||||
| 134 | { | ||||
| 135 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
| 136 | "threat": "b402d513-4576-11e9-9173-0800277f0571", | ||||
| 137 | "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", | ||||
| 138 | "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" | ||||
| 139 | }, | ||||
| 140 | { | ||||
| 141 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
| 142 | "threat": "b402d5ea-4576-11e9-9173-0800277f0571", | ||||
| 143 | "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", | ||||
| 144 | "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" | ||||
| 145 | }, | ||||
| 146 | { | ||||
| 147 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
| 148 | "threat": "b402d513-4576-11e9-9173-0800277f0571", | ||||
| 149 | "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", | ||||
| 150 | "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" | ||||
| 151 | }, | ||||
| 152 | { | ||||
| 153 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
| 154 | "threat": "b402d5d5-4576-11e9-9173-0800277f0571", | ||||
| 155 | "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", | ||||
| 156 | "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" | ||||
| 157 | } | ||||
| 158 | ], | ||||
| 159 | "asset": { | ||||
| 160 | "code": "OV_MAINTENANCE", | ||||
| 161 | "description": "Software maintenance", | ||||
| 162 | "label": "Software maintenance", | ||||
| 163 | "language": "EN", | ||||
| 164 | "type": "Secondary", | ||||
| 165 | "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
| 166 | "version": 0 | ||||
| 167 | }, | ||||
| 168 | "measures": [], | ||||
| 169 | "threats": [ | ||||
| 170 | { | ||||
| 171 | "a": true, | ||||
| 172 | "c": false, | ||||
| 173 | "code": "MA15", | ||||
| 174 | "description": "Design error, installation error or operating error committed during modification causing incorrect execution.", | ||||
| 175 | "i": true, | ||||
| 176 | "label": "Software malfunction", | ||||
| 177 | "language": "EN", | ||||
| 178 | "theme": "Technical failures", | ||||
| 179 | "uuid": "b402d513-4576-11e9-9173-0800277f0571" | ||||
| 180 | }, | ||||
| 181 | { | ||||
| 182 | "a": true, | ||||
| 183 | "c": true, | ||||
| 184 | "code": "MDA17", | ||||
| 185 | "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", | ||||
| 186 | "i": true, | ||||
| 187 | "label": "Abuse of rights", | ||||
| 188 | "language": "EN", | ||||
| 189 | "theme": "Compromise of functions", | ||||
| 190 | "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" | ||||
| 191 | }, | ||||
| 192 | { | ||||
| 193 | "a": true, | ||||
| 194 | "c": true, | ||||
| 195 | "code": "MDA13", | ||||
| 196 | "description": "Unwanted software that is doing operations seeking to harm the company.", | ||||
| 197 | "i": true, | ||||
| 198 | "label": "Malware infection", | ||||
| 199 | "language": "EN", | ||||
| 200 | "theme": "Compromise of information", | ||||
| 201 | "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" | ||||
| 202 | } | ||||
| 203 | ], | ||||
| 204 | "vuls": [ | ||||
| 205 | { | ||||
| 206 | "code": "1172", | ||||
| 207 | "description": "Are there formal contractual agreements with the main third parties?Are there intervention rules? People's names? Timeframes?", | ||||
| 208 | "label": "No SLAs with third parties (internal or external)", | ||||
| 209 | "language": "EN", | ||||
| 210 | "mode": 0, | ||||
| 211 | "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" | ||||
| 212 | }, | ||||
| 213 | { | ||||
| 214 | "code": "1224", | ||||
| 215 | "description": "Link permanently maintainedUnencrypted exchangesNo record", | ||||
| 216 | "label": "The supplier does not manage remote maintenance properly", | ||||
| 217 | "language": "EN", | ||||
| 218 | "mode": 0, | ||||
| 219 | "uuid": "69fc0627-4591-11e9-9173-0800277f0571" | ||||
| 220 | }, | ||||
| 221 | { | ||||
| 222 | "code": "1213", | ||||
| 223 | "description": "Is change management for software or the IT system correct?Is there planning for changes? Cost estimates? Tests before production begins?", | ||||
| 224 | "label": "Problems in change management or software maintenance", | ||||
| 225 | "language": "EN", | ||||
| 226 | "mode": 0, | ||||
| 227 | "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" | ||||
| 228 | }, | ||||
| 229 | { | ||||
| 230 | "code": "1178", | ||||
| 231 | "description": "Is there a procedure? Is it formal?How frequently is it implemented? Who is in charge?Are tests performed? Before? After?", | ||||
| 232 | "label": "Update management (patches) is flawed", | ||||
| 233 | "language": "EN", | ||||
| 234 | "mode": 0, | ||||
| 235 | "uuid": "69fc051f-4591-11e9-9173-0800277f0571" | ||||
| 236 | } | ||||
| 237 | ] | ||||
| 238 | }, | ||||
| 239 | "children": [], | ||||
| 240 | "object": { | ||||
| 241 | "label": "Operating system", | ||||
| 242 | "language": "EN", | ||||
| 243 | "name": "Operating system", | ||||
| 244 | "scope": "local", | ||||
| 245 | "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", | ||||
| 246 | "version": 0 | ||||
| 247 | }, | ||||
| 248 | "rolfRisks": [], | ||||
| 249 | "rolfTags": [] | ||||
| 250 | }, | ||||
| 251 | { | ||||
| 252 | "asset": { | ||||
| 253 | "amvs": [ | ||||
| 254 | { | ||||
| 255 | "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
| 256 | "threat": "b402d5df-4576-11e9-9173-0800277f0571", | ||||
| 257 | "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", | ||||
| 258 | "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" | ||||
| 259 | }, | ||||
| 260 | { | ||||
| 261 | "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
| 262 | "threat": "b402d557-4576-11e9-9173-0800277f0571", | ||||
| 263 | "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", | ||||
| 264 | "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" | ||||
| 265 | } | ||||
| 266 | ], | ||||
| 267 | "asset": { | ||||
| 268 | "code": "OV_IOT_NETWORK_INTERFACE", | ||||
| 269 | "description": "IoT - Network interface", | ||||
| 270 | "label": "IoT - Interface réseau", | ||||
| 271 | "language": "EN", | ||||
| 272 | "type": "Secondary", | ||||
| 273 | "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
| 274 | "version": 0 | ||||
| 275 | }, | ||||
| 276 | "measures": [], | ||||
| 277 | "threats": [ | ||||
| 278 | { | ||||
| 279 | "a": true, | ||||
| 280 | "c": false, | ||||
| 281 | "code": "MDA16", | ||||
| 282 | "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.", | ||||
| 283 | "i": false, | ||||
| 284 | "label": "Saturation of the information system", | ||||
| 285 | "language": "EN", | ||||
| 286 | "theme": "Technical failures", | ||||
| 287 | "uuid": "b402d5df-4576-11e9-9173-0800277f0571" | ||||
| 288 | }, | ||||
| 289 | { | ||||
| 290 | "a": false, | ||||
| 291 | "c": true, | ||||
| 292 | "code": "MD15", | ||||
| 293 | "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", | ||||
| 294 | "i": false, | ||||
| 295 | "label": "Eavesdropping", | ||||
| 296 | "language": "EN", | ||||
| 297 | "theme": "Compromise of functions", | ||||
| 298 | "uuid": "b402d557-4576-11e9-9173-0800277f0571" | ||||
| 299 | } | ||||
| 300 | ], | ||||
| 301 | "vuls": [ | ||||
| 302 | { | ||||
| 303 | "code": "1070", | ||||
| 304 | "description": "", | ||||
| 305 | "label": "Incorrect sizing of resources (e.g. too many users for the number of connections possible and the passband)", | ||||
| 306 | "language": "EN", | ||||
| 307 | "mode": 0, | ||||
| 308 | "uuid": "69fc0101-4591-11e9-9173-0800277f0571" | ||||
| 309 | }, | ||||
| 310 | { | ||||
| 311 | "code": "210", | ||||
| 312 | "description": "", | ||||
| 313 | "label": "Equipment with a communication interface that can be eavesdropped (infrared, 802.11, Bluetooth, etc.)", | ||||
| 314 | "language": "EN", | ||||
| 315 | "mode": 0, | ||||
| 316 | "uuid": "69fc0952-4591-11e9-9173-0800277f0571" | ||||
| 317 | } | ||||
| 318 | ] | ||||
| 319 | }, | ||||
| 320 | "children": [], | ||||
| 321 | "object": { | ||||
| 322 | "label": "Communication interface", | ||||
| 323 | "language": "EN", | ||||
| 324 | "name": "Communication interface", | ||||
| 325 | "scope": "local", | ||||
| 326 | "uuid": "926e6d32-9bca-4675-b817-b572f5947072", | ||||
| 327 | "version": 0 | ||||
| 328 | }, | ||||
| 329 | "rolfRisks": [], | ||||
| 330 | "rolfTags": [] | ||||
| 331 | }, | ||||
| 332 | { | ||||
| 333 | "asset": { | ||||
| 334 | "amvs": [ | ||||
| 335 | { | ||||
| 336 | "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
| 337 | "threat": "b402d5c9-4576-11e9-9173-0800277f0571", | ||||
| 338 | "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", | ||||
| 339 | "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" | ||||
| 340 | }, | ||||
| 341 | { | ||||
| 342 | "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
| 343 | "threat": "b402d620-4576-11e9-9173-0800277f0571", | ||||
| 344 | "uuid": "a162b328-c313-4464-80ba-f1db359d7655", | ||||
| 345 | "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" | ||||
| 346 | } | ||||
| 347 | ], | ||||
| 348 | "asset": { | ||||
| 349 | "code": "OV_IOT_STORAGE_LOCAL", | ||||
| 350 | "description": "", | ||||
| 351 | "label": "IoT - Local Storage", | ||||
| 352 | "language": "EN", | ||||
| 353 | "type": "Secondary", | ||||
| 354 | "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
| 355 | "version": 0 | ||||
| 356 | }, | ||||
| 357 | "measures": [], | ||||
| 358 | "threats": [ | ||||
| 359 | { | ||||
| 360 | "a": false, | ||||
| 361 | "c": true, | ||||
| 362 | "code": "MDA12", | ||||
| 363 | "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", | ||||
| 364 | "i": false, | ||||
| 365 | "label": "Retrieval of recycled or discarded media", | ||||
| 366 | "language": "EN", | ||||
| 367 | "theme": "Compromise of information", | ||||
| 368 | "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" | ||||
| 369 | }, | ||||
| 370 | { | ||||
| 371 | "a": true, | ||||
| 372 | "c": false, | ||||
| 373 | "code": "MDA29", | ||||
| 374 | "description": "Event causing destruction of equipment or media.", | ||||
| 375 | "i": false, | ||||
| 376 | "label": "Destruction of equipment or supports", | ||||
| 377 | "language": "EN", | ||||
| 378 | "theme": "Physical damage", | ||||
| 379 | "uuid": "b402d620-4576-11e9-9173-0800277f0571" | ||||
| 380 | } | ||||
| 381 | ], | ||||
| 382 | "vuls": [ | ||||
| 383 | { | ||||
| 384 | "code": "1191", | ||||
| 385 | "description": "Is there a formal procedure?Is it followed?Is the disposal line correct?", | ||||
| 386 | "label": "Disposal is not carried out properly", | ||||
| 387 | "language": "EN", | ||||
| 388 | "mode": 0, | ||||
| 389 | "uuid": "69fc057e-4591-11e9-9173-0800277f0571" | ||||
| 390 | }, | ||||
| 391 | { | ||||
| 392 | "code": "283", | ||||
| 393 | "description": "", | ||||
| 394 | "label": "No back-up of data contained on the media", | ||||
| 395 | "language": "EN", | ||||
| 396 | "mode": 0, | ||||
| 397 | "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" | ||||
| 398 | } | ||||
| 399 | ] | ||||
| 400 | }, | ||||
| 401 | "children": [], | ||||
| 402 | "object": { | ||||
| 403 | "label": "Local storage", | ||||
| 404 | "language": "EN", | ||||
| 405 | "name": "Local storage", | ||||
| 406 | "scope": "local", | ||||
| 407 | "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", | ||||
| 408 | "version": 0 | ||||
| 409 | }, | ||||
| 410 | "rolfRisks": [], | ||||
| 411 | "rolfTags": [] | ||||
| 412 | }, | ||||
| 413 | { | ||||
| 414 | "asset": { | ||||
| 415 | "amvs": [ | ||||
| 416 | { | ||||
| 417 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 418 | "threat": "b402d4e0-4576-11e9-9173-0800277f0571", | ||||
| 419 | "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", | ||||
| 420 | "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" | ||||
| 421 | }, | ||||
| 422 | { | ||||
| 423 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 424 | "threat": "b402d600-4576-11e9-9173-0800277f0571", | ||||
| 425 | "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", | ||||
| 426 | "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" | ||||
| 427 | }, | ||||
| 428 | { | ||||
| 429 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 430 | "threat": "b402d530-4576-11e9-9173-0800277f0571", | ||||
| 431 | "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", | ||||
| 432 | "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" | ||||
| 433 | }, | ||||
| 434 | { | ||||
| 435 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 436 | "threat": "b402d530-4576-11e9-9173-0800277f0571", | ||||
| 437 | "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", | ||||
| 438 | "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" | ||||
| 439 | }, | ||||
| 440 | { | ||||
| 441 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 442 | "threat": "b402d600-4576-11e9-9173-0800277f0571", | ||||
| 443 | "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", | ||||
| 444 | "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" | ||||
| 445 | }, | ||||
| 446 | { | ||||
| 447 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 448 | "threat": "b402d58f-4576-11e9-9173-0800277f0571", | ||||
| 449 | "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", | ||||
| 450 | "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" | ||||
| 451 | }, | ||||
| 452 | { | ||||
| 453 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 454 | "threat": "b402d557-4576-11e9-9173-0800277f0571", | ||||
| 455 | "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", | ||||
| 456 | "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" | ||||
| 457 | } | ||||
| 458 | ], | ||||
| 459 | "asset": { | ||||
| 460 | "code": "OV_LOGICIEL", | ||||
| 461 | "description": "Business application", | ||||
| 462 | "label": "Software", | ||||
| 463 | "language": "EN", | ||||
| 464 | "type": "Secondary", | ||||
| 465 | "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
| 466 | "version": 0 | ||||
| 467 | }, | ||||
| 468 | "measures": [], | ||||
| 469 | "threats": [ | ||||
| 470 | { | ||||
| 471 | "a": true, | ||||
| 472 | "c": true, | ||||
| 473 | "code": "MA11", | ||||
| 474 | "description": "A person commits an operating error, input error or utilisation error on hardware or software.", | ||||
| 475 | "i": true, | ||||
| 476 | "label": "Error in use", | ||||
| 477 | "language": "EN", | ||||
| 478 | "theme": "Compromise of functions", | ||||
| 479 | "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" | ||||
| 480 | }, | ||||
| 481 | { | ||||
| 482 | "a": false, | ||||
| 483 | "c": true, | ||||
| 484 | "code": "MDA20", | ||||
| 485 | "description": "Person who voluntarily or negligently disclosure information.", | ||||
| 486 | "i": false, | ||||
| 487 | "label": "Disclosure", | ||||
| 488 | "language": "EN", | ||||
| 489 | "theme": "Compromise of information", | ||||
| 490 | "uuid": "b402d600-4576-11e9-9173-0800277f0571" | ||||
| 491 | }, | ||||
| 492 | { | ||||
| 493 | "a": true, | ||||
| 494 | "c": true, | ||||
| 495 | "code": "MD14", | ||||
| 496 | "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", | ||||
| 497 | "i": true, | ||||
| 498 | "label": "Forging of rights", | ||||
| 499 | "language": "EN", | ||||
| 500 | "theme": "Compromise of functions", | ||||
| 501 | "uuid": "b402d530-4576-11e9-9173-0800277f0571" | ||||
| 502 | }, | ||||
| 503 | { | ||||
| 504 | "a": false, | ||||
| 505 | "c": false, | ||||
| 506 | "code": "MD24", | ||||
| 507 | "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.", | ||||
| 508 | "i": true, | ||||
| 509 | "label": "Denial of actions", | ||||
| 510 | "language": "EN", | ||||
| 511 | "theme": "Compromise of functions", | ||||
| 512 | "uuid": "b402d58f-4576-11e9-9173-0800277f0571" | ||||
| 513 | }, | ||||
| 514 | { | ||||
| 515 | "a": false, | ||||
| 516 | "c": true, | ||||
| 517 | "code": "MD15", | ||||
| 518 | "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", | ||||
| 519 | "i": false, | ||||
| 520 | "label": "Eavesdropping", | ||||
| 521 | "language": "EN", | ||||
| 522 | "theme": "Compromise of functions", | ||||
| 523 | "uuid": "b402d557-4576-11e9-9173-0800277f0571" | ||||
| 524 | } | ||||
| 525 | ], | ||||
| 526 | "vuls": [ | ||||
| 527 | { | ||||
| 528 | "code": "1177", | ||||
| 529 | "description": "Does the software's design cause users problems?Is it complicated to understand or use?Does training or adaptation take a long time? Are there any known errors?", | ||||
| 530 | "label": "Tools or programs are not adapted for use or are not ergonomic", | ||||
| 531 | "language": "EN", | ||||
| 532 | "mode": 0, | ||||
| 533 | "uuid": "69fc0515-4591-11e9-9173-0800277f0571" | ||||
| 534 | }, | ||||
| 535 | { | ||||
| 536 | "code": "1168", | ||||
| 537 | "description": "Are all authorisations granted in compliance with this principle?", | ||||
| 538 | "label": "The need-to-know principle is not respected", | ||||
| 539 | "language": "EN", | ||||
| 540 | "mode": 0, | ||||
| 541 | "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" | ||||
| 542 | }, | ||||
| 543 | { | ||||
| 544 | "code": "1166", | ||||
| 545 | "description": "Is there a formal procedure?Who authorises access?Is the four-eyes principle followed?", | ||||
| 546 | "label": "Authorisation management is flawed", | ||||
| 547 | "language": "EN", | ||||
| 548 | "mode": 0, | ||||
| 549 | "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" | ||||
| 550 | }, | ||||
| 551 | { | ||||
| 552 | "code": "1167", | ||||
| 553 | "description": "Is there a password policy?Are there good practices (length, complexity, change, etc.)?Is there one account per person?Are there shared accounts?", | ||||
| 554 | "label": "User authentication is not ensured", | ||||
| 555 | "language": "EN", | ||||
| 556 | "mode": 0, | ||||
| 557 | "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" | ||||
| 558 | }, | ||||
| 559 | { | ||||
| 560 | "code": "1221", | ||||
| 561 | "description": "Can data be exported?Also in a structured format (XLS, CSV, XML, etc.)?", | ||||
| 562 | "label": "User rights allow information to be exported", | ||||
| 563 | "language": "EN", | ||||
| 564 | "mode": 0, | ||||
| 565 | "uuid": "69fc061d-4591-11e9-9173-0800277f0571" | ||||
| 566 | }, | ||||
| 567 | { | ||||
| 568 | "code": "50", | ||||
| 569 | "description": "Are there logs?Are they sufficient in terms of the checks to be carried out?", | ||||
| 570 | "label": "No storage of activity tracks", | ||||
| 571 | "language": "EN", | ||||
| 572 | "mode": 0, | ||||
| 573 | "uuid": "69fc1924-4591-11e9-9173-0800277f0571" | ||||
| 574 | }, | ||||
| 575 | { | ||||
| 576 | "code": "1184", | ||||
| 577 | "description": "Is the method of communication encrypted?Could third parties access the method of communication?", | ||||
| 578 | "label": "Use of an unsecured method of communication", | ||||
| 579 | "language": "EN", | ||||
| 580 | "mode": 0, | ||||
| 581 | "uuid": "69fc0560-4591-11e9-9173-0800277f0571" | ||||
| 582 | } | ||||
| 583 | ] | ||||
| 584 | }, | ||||
| 585 | "children": [], | ||||
| 586 | "object": { | ||||
| 587 | "label": "Application", | ||||
| 588 | "language": "EN", | ||||
| 589 | "name": "Application", | ||||
| 590 | "scope": "local", | ||||
| 591 | "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", | ||||
| 592 | "version": 0 | ||||
| 593 | }, | ||||
| 594 | "rolfRisks": [], | ||||
| 595 | "rolfTags": [] | ||||
| 596 | }, | ||||
| 597 | { | ||||
| 598 | "asset": { | ||||
| 599 | "amvs": [ | ||||
| 600 | { | ||||
| 601 | "asset": "fa281f62-931c-47dd-82b6-976e543a2168", | ||||
| 602 | "threat": "b402d5f5-4576-11e9-9173-0800277f0571", | ||||
| 603 | "uuid": "15715227-f575-462b-b467-236532cddbb6", | ||||
| 604 | "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
| 605 | } | ||||
| 606 | ], | ||||
| 607 | "asset": { | ||||
| 608 | "code": "OV_IOT_SENSORS", | ||||
| 609 | "description": "", | ||||
| 610 | "label": "IoT - Sensor", | ||||
| 611 | "language": "EN", | ||||
| 612 | "type": "Secondary", | ||||
| 613 | "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", | ||||
| 614 | "version": 0 | ||||
| 615 | }, | ||||
| 616 | "measures": [], | ||||
| 617 | "threats": [ | ||||
| 618 | { | ||||
| 619 | "a": false, | ||||
| 620 | "c": false, | ||||
| 621 | "code": "MDA18", | ||||
| 622 | "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", | ||||
| 623 | "i": true, | ||||
| 624 | "label": "Data from untrustworthy sources", | ||||
| 625 | "language": "EN", | ||||
| 626 | "theme": "Compromise of information", | ||||
| 627 | "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" | ||||
| 628 | } | ||||
| 629 | ], | ||||
| 630 | "vuls": [ | ||||
| 631 | { | ||||
| 632 | "code": "1094", | ||||
| 633 | "description": "", | ||||
| 634 | "label": "The system allows information to be sent and received without authentication of the senders or recipients", | ||||
| 635 | "language": "EN", | ||||
| 636 | "mode": 0, | ||||
| 637 | "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
| 638 | } | ||||
| 639 | ] | ||||
| 640 | }, | ||||
| 641 | "children": [], | ||||
| 642 | "object": { | ||||
| 643 | "label": "Sensor", | ||||
| 644 | "language": "EN", | ||||
| 645 | "name": "Sensor", | ||||
| 646 | "scope": "local", | ||||
| 647 | "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", | ||||
| 648 | "version": 0 | ||||
| 649 | }, | ||||
| 650 | "rolfRisks": [], | ||||
| 651 | "rolfTags": [] | ||||
| 652 | } | ||||
| 653 | ], | ||||
| 654 | "object": { | ||||
| 655 | "label": "IoT", | ||||
| 656 | "language": "EN", | ||||
| 657 | "name": "IoT", | ||||
| 658 | "scope": "local", | ||||
| 659 | "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", | ||||
| 660 | "version": 0 | ||||
| 661 | }, | ||||
| 662 | "rolfRisks": [], | ||||
| 663 | "rolfTags": [] | ||||
| 664 | } | ||||
| 665 | } |