MONARC Threats (draft)


Description
Threats used in MONARC (CASES model)
Owning organization
Validating JSON schema
MISP taxonomies (provided by MISP)
Creator
License
Creative Commons Zero v1.0 Universal

Definition of the object
{
    "description": "MONARC Threats Taxonomy",
    "expanded": "MONARC Threats",
    "namespace": "monarc-threat",
    "predicates": [
        {
            "expanded": "Compromise of functions",
            "value": "compromise-of-functions"
        },
        {
            "expanded": "Unauthorised actions",
            "value": "unauthorised-actions"
        },
        {
            "expanded": "Compromise of information",
            "value": "compromise-of-information"
        },
        {
            "expanded": "Loss of essential services",
            "value": "loss-of-essential-services"
        },
        {
            "expanded": "Technical failures",
            "value": "technical-failures"
        },
        {
            "expanded": "Physical damage",
            "value": "physical-damage"
        }
    ],
    "refs": [
        "https://monarc.lu"
    ],
    "values": [
        {
            "entry": [
                {
                    "description": "A person commits an operating error, input error or utilisation error on hardware or software.",
                    "expanded": "Error in use",
                    "value": "error-in-use"
                },
                {
                    "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.",
                    "expanded": "Forging of rights",
                    "value": "forging-of-rights"
                },
                {
                    "description": "Someone connected to communication equipment or media, or located inside the transmission coverage boundaries of a communication, listens to the information transmitted.",
                    "expanded": "Eavesdropping",
                    "value": "eavesdropping"
                },
                {
                    "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.",
                    "expanded": "Denial of actions",
                    "value": "denial-of-actions"
                },
                {
                    "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.",
                    "expanded": "Abuse of rights",
                    "value": "abuse-of-rights"
                },
                {
                    "description": "Absence of qualified or authorised personnel to execute the usual operations.",
                    "expanded": "Breach of personnel availability",
                    "value": "breach-of-personnel-availability"
                }
            ],
            "predicate": "compromise-of-functions"
        },
        {
            "entry": [
                {
                    "description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software.",
                    "expanded": "Fraudulent copying or use of counterfeit software",
                    "value": "fraudulent-copying-or-use-of-counterfeit-software"
                },
                {
                    "description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful.",
                    "expanded": "Corruption of data",
                    "value": "corruption-of-data"
                },
                {
                    "description": "A person carries out information processing that is forbidden by the law or a regulation.",
                    "expanded": "Illegal processing of data",
                    "value": "illegal-processing-of-data"
                }
            ],
            "predicate": "unauthorised-actions"
        },
        {
            "entry": [
                {
                    "description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard.",
                    "expanded": "Remote spying",
                    "value": "remote-spying"
                },
                {
                    "description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it.",
                    "expanded": "Tampering with hardware",
                    "value": "tampering-with-hardware"
                },
                {
                    "description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon).",
                    "expanded": "Interception of compromising interference signals",
                    "value": "interception-of-compromising-interference-signals"
                },
                {
                    "description": "Media, documents or equipment can be accessed by unauthorised persons, either internally or externally, and can be damaged or stolen.",
                    "expanded": "Theft or destruction of media, documents or equipment",
                    "value": "theft-or-destruction-of-media-documents-or-equipment"
                },
                {
                    "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.",
                    "expanded": "Retrieval of recycled or discarded media",
                    "value": "retrieval-of-recycled-or-discarded media"
                },
                {
                    "description": "Unwanted software that performs operations intended to harm the company.",
                    "expanded": "Malware infection",
                    "value": "malware-infection"
                },
                {
                    "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.",
                    "expanded": "Data from untrustworthy sources",
                    "value": "data-from-untrustworthy-sources"
                },
                {
                    "description": "A person voluntarily or negligently discloses information.",
                    "expanded": "Disclosure",
                    "value": "disclosure"
                }
            ],
            "predicate": "compromise-of-information"
        },
        {
            "entry": [
                {
                    "description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network).",
                    "expanded": "Failure of telecommunication equipment",
                    "value": "failure-of-telecommunication-equipment"
                },
                {
                    "description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system.",
                    "expanded": "Loss of power supply",
                    "value": "loss-of-power-supply"
                },
                {
                    "description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely.",
                    "expanded": "Failure of air-conditioning",
                    "value": "failure-of-air-conditioning"
                }
            ],
            "predicate": "loss-of-essential-services"
        },
        {
            "entry": [
                {
                    "description": "Design error, installation error or operating error committed during modification causing incorrect execution.",
                    "expanded": "Software malfunction",
                    "value": "software-malfunction"
                },
                {
                    "description": "Logical or physical event causing hardware malfunctions or failures.",
                    "expanded": "Equipment malfunction or failure",
                    "value": "equipment-malfunction-or-failure"
                },
                {
                    "description": "A person, or a hardware, software or network resource, simulates an intense demand on resources by setting up a continuous bombardment.",
                    "expanded": "Saturation of the information system",
                    "value": "saturation-of-the-information-system"
                },
                {
                    "description": "Lack of expertise in the system, making retrofitting and upgrading impossible.",
                    "expanded": "Breach of information system maintainability",
                    "value": "breach-of-information-system-maintainability"
                }
            ],
            "predicate": "technical-failures"
        },
        {
            "entry": [
                {
                    "description": "Event causing destruction of equipment or media.",
                    "expanded": "Destruction of equipment or supports",
                    "value": "destruction-of-equipment-or-supports"
                },
                {
                    "description": "Any situation that could facilitate the conflagration of premises or equipment.",
                    "expanded": "Fire",
                    "value": "fire"
                },
                {
                    "description": "Any situation that exposes equipment to water hazards (floods, water leaks, cellars, etc.).",
                    "expanded": "Water damage",
                    "value": "water-damage"
                },
                {
                    "description": "Any event that can physically destroy the premises",
                    "expanded": "Major accident",
                    "value": "major-accident"
                },
                {
                    "description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air.",
                    "expanded": "Pollution",
                    "value": "pollution"
                },
                {
                    "description": "Any event that can physically ruin the premises",
                    "expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)",
                    "value": "environmental-disaster"
                }
            ],
            "predicate": "physical-damage"
        }
    ],
    "version": 1
}