
NIST SP 800-30 - TABLE I-5: ADVERSARIAL RISK (PAGE I-3)

No | Threat Event (column 1) | Threat Sources (column 2)

Column 1 (Threat Event): from Table E-2, pages E-2 through E-6.
Column 2 (Threat Sources): see TABLE D-2 in APPENDIX D, page D-2; write here which entries from Table D-2 could carry out the threat event in question.

Perform reconnaissance and gather information.
1 | Perform perimeter network reconnaissance/scanning | Individual
2 | Perform network sniffing of exposed networks | Individual, Group, Organization
3 | Gather information using open source discovery of organizational information. | Individual
4 | Perform reconnaissance and surveillance of targeted organization | Organization
5 | Perform malware-directed internal reconnaissance. | Accidental

Craft or create attack tools.
1 | Craft phishing attacks. | Software
2 | Craft spear phishing attacks. | Software
3 | Craft attacks specifically based on deployed information technology environment | Infrastructure Failure/Outage
4 | Create counterfeit/spoof website. | Information Technology (IT) Equipment
5 | Craft counterfeit certificates. | Individual
6 | Create and operate false front organizations to inject malicious components into the supply chain. | Organization

Deliver/insert/install malicious capabilities.
1 | Deliver known malware to internal organizational information systems (e.g., virus via email). | Information Technology (IT) Equipment
2 | Deliver modified malware to internal organizational information systems | Software
3 | Deliver targeted malware for control of internal systems and exfiltration of data | Software
4 | Deliver malware by providing removable media | Information Technology (IT) Equipment
5 | Insert untargeted malware into downloadable software and/or into commercial information technology products. | Information Technology (IT) Equipment
6 | Insert targeted malware into organizational information systems and information system components | Information Technology (IT) Equipment
7 | Insert specialized malware into organizational information systems based on system configurations | Software
8 | Insert counterfeit or tampered hardware into the supply chain. | Software
9 | Insert tampered critical components into organizational systems. | Software
10 | Install general-purpose sniffers on organization-controlled information systems or networks | Information Technology (IT) Equipment
11 | Install persistent and targeted sniffers on organizational information systems and networks. | Information Technology (IT) Equipment
12 | Insert malicious scanning devices (e.g., wireless sniffers) inside facilities. | Software
13 | Insert subverted individuals into organizations. | Software
14 | Insert subverted individuals into privileged positions in organizations. | Software

Exploit and compromise.
1 | Exploit physical access of authorized staff to gain access to organizational facilities. | Privileged User/Administrator
2 | Exploit poorly configured or unauthorized information systems exposed to the Internet. | User
3 | Exploit split tunneling. | Privileged User/Administrator
4 | Exploit multi-tenancy in a cloud environment. | Privileged User/Administrator
5 | Exploit known vulnerabilities in mobile systems (e.g., laptops, PDAs, smart phones). | User
6 | Exploit recently discovered vulnerabilities. | User
7 | Exploit vulnerabilities on internal organizational information systems. | User
8 | Exploit vulnerabilities using zero-day attacks. | Privileged User/Administrator
9 | Exploit vulnerabilities in information systems timed with organizational mission/business operations tempo. | Privileged User/Administrator
10 | Exploit insecure or incomplete data deletion in multi-tenant environment. | User
11 | Violate isolation in multi-tenant environment. | Privileged User/Administrator
12 | Compromise critical information systems via physical access. | User
13 | Compromise information systems or devices used externally and reintroduced into the enterprise. | User
14 | Compromise software of organizational critical information systems. | Privileged User/Administrator
15 | Compromise organizational information systems to facilitate exfiltration of data/information. | Privileged User/Administrator
16 | Compromise mission-critical information. | Privileged User/Administrator
17 | Compromise design, manufacture, and/or distribution of information system components (including hardware, software, and firmware). | Privileged User/Administrator

Conduct an attack (i.e., direct/coordinate attack tools or activities).
1 | Conduct communications interception attacks. | Telecommunications
2 | Conduct wireless jamming attacks. | Telecommunications
3 | Conduct attacks using unauthorized ports, protocols and services. | Telecommunications
4 | Conduct attacks leveraging traffic/data movement allowed across perimeter. | Telecommunications
5 | Conduct simple Denial of Service (DoS) attack. | Telecommunications
6 | Conduct Distributed Denial of Service (DDoS) attacks. | Infrastructure Failure/Outage
7 | Conduct targeted Denial of Service (DoS) attacks. | Infrastructure Failure/Outage
8 | Conduct physical attacks on organizational facilities. | Infrastructure Failure/Outage
9 | Conduct physical attacks on infrastructures supporting organizational facilities. | Infrastructure Failure/Outage
10 | Conduct cyber-physical attacks on organizational facilities. | Infrastructure Failure/Outage
11 | Conduct data scavenging attacks in a cloud environment. | Information Technology (IT) Equipment
12 | Conduct brute force login attempts/password guessing attacks. | Information Technology (IT) Equipment
13 | Conduct nontargeted zero-day attacks. | Information Technology (IT) Equipment
14 | Conduct externally-based session hijacking. | Software
15 | Conduct internally-based session hijacking. | Information Technology (IT) Equipment
16 | Conduct externally-based network traffic modification (man in the middle) attacks. | Software
17 | Conduct internally-based network traffic modification (man in the middle) attacks. | Software
18 | Conduct outsider-based social engineering to obtain information. | Software
19 | Conduct insider-based social engineering to obtain information. | Information Technology (IT) Equipment
20 | Conduct attacks targeting and compromising personal devices of critical employees. | Telecommunications
21 | Conduct supply chain attacks targeting and exploiting critical hardware, software, or firmware. | Telecommunications

Achieve results (i.e., cause adverse impacts, obtain information)
1 | Obtain sensitive information through network sniffing of external networks. | Telecommunications
2 | Obtain sensitive information via exfiltration. | Information Technology (IT) Equipment
3 | Cause degradation or denial of attacker-selected services or capabilities. |
4 | Cause deterioration/destruction of critical information system components and functions. | Infrastructure Failure/Outage
5 | Cause integrity loss by creating, deleting, and/or modifying data on publicly accessible information systems (e.g., web defacement). | Software
6 | Cause integrity loss by polluting or corrupting critical data. | Telecommunications
7 | Cause integrity loss by injecting false but believable data into organizational information systems. | Infrastructure Failure/Outage
8 | Cause disclosure of critical and/or sensitive information by authorized users. | Software
9 | Cause unauthorized disclosure and/or unavailability by spilling sensitive information. | Software
10 | Obtain information by externally located interception of wireless network traffic. | Infrastructure Failure/Outage
11 | Obtain unauthorized access. | Software
12 | Obtain sensitive data/information from publicly accessible information systems. | Software
13 | Obtain information by opportunistically stealing or scavenging information systems/components. | Infrastructure Failure/Outage

Maintain a presence or set of capabilities.
1 | Obfuscate adversary actions. | Unusual Natural Event
2 | Adapt cyber attacks based on detailed surveillance. | Unusual Natural Event

Coordinate a campaign
1 | Coordinate a campaign of multi-staged attacks (e.g., hopping). | Nation-State
2 | Coordinate a campaign that combines internal and external attacks across multiple information systems and information technologies. | Infrastructure Failure/Outage
3 | Coordinate campaigns across multiple organizations to acquire specific information or achieve desired outcome. | Nation-State
4 | Coordinate a campaign that spreads attacks across organizational systems from existing presence. | Environmental Controls
5 | Coordinate a campaign of continuous, adaptive, and changing cyber attacks based on detailed surveillance. | Information Technology (IT) Equipment
6 | Coordinate cyber attacks using external (outsider), internal (insider), and supply chain (supplier) attack vectors. | Organization
Columns 3 to 8. Columns 3 to 5 are the Threat Source Characteristics.

Column 3 (Capability): see TABLE D-3 in APPENDIX D, page D-3.
Column 4 (Intent): see TABLE D-4.
Column 5 (Targeting): see TABLE D-5.
Column 6 (Relevance): see TABLE E-4.
Column 7 (Likelihood of Attack Initiation): see TABLE G-2 in APPENDIX G, page G-2.
Column 8 (Vulnerabilities and Predisposing Conditions): see TABLE F-2 and TABLE F-4.

Capability (3) | Intent (4) | Targeting (5) | Relevance (6) | Likelihood of Attack Initiation (7) | Vulnerabilities and Predisposing Conditions (8)
High | Very High | High | Confirmed | high | moderate
High | Very High | High | Confirmed | high | moderate
Very High | High | High | Confirmed | high | moderate
High | High | Very High | Confirmed | high | moderate
Very High | High | High | Confirmed | high | moderate
High | Very High | Very High | Confirmed | moderate | moderate
Very High | Very High | High | Confirmed | moderate | moderate
High | High | Very High | Confirmed | moderate | moderate
Very High | Very High | Very High | Confirmed | moderate | moderate
Very High | High | Very High | Confirmed | moderate | moderate
High | Very High | High | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
moderate | moderate | moderate | Confirmed | very high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | high | moderate
high | high | high | Confirmed | very high | moderate
high | high | high | Confirmed | high | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
moderate | moderate | moderate | Confirmed | moderate | moderate
Columns 9 to 13.

Column 9 (Severity and Pervasiveness): see TABLE F-5.
Column 10 (Likelihood Initiated Attack Succeeded): see TABLE G-4.
Column 11 (Overall Likelihood): see TABLE G-5.
Column 12 (Level of Impact): see TABLE H-3 in APPENDIX H, page H-3; see also TABLE H-2 for estimating the level of impact.
Column 13 (Risk, Likelihood x Impact): see TABLE I-2 in APPENDIX I, page I-2; see also TABLE I-3 for reference.

Severity and Pervasiveness (9) | Likelihood Initiated Attack Succeeded (10) | Overall Likelihood (11) | Level of Impact (12) | Risk (13)
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
very high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | high | moderate | moderate | moderate
very high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
very high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | high | moderate | moderate | moderate
very high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
very high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
very high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate
high | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
high | moderate | moderate | moderate | moderate
high | high | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
moderate | moderate | moderate | moderate | moderate
moderate | high | moderate | moderate | moderate


NIST SP 800-30: TABLE I-7: NON-ADVERSARIAL RISK (PAGE I-4)

No | Threat Event (column 1) | Threat Source (column 2)

Column 1 (Threat Event): see TABLE E-3.
Column 2 (Threat Source): see TABLE D-2, from the Accidental group onward. There can be more than one threat source. Each threat source is evaluated separately (on its own row), which also yields its own Risk score.

1 | Spill sensitive information | User
2 | Mishandling of critical and/or sensitive information by authorized users | Privileged User/Administrator
3 | Incorrect privilege settings | Privileged User/Administrator
4 | Communications Contention | User
5 | Unreadable display | Privileged User/Administrator
6 | Earthquake at primary facility | Natural or man-made disaster
7 | Fire at primary facility | ADVERSARIAL, ENVIRONMENTAL
8 | Fire at backup facility | ADVERSARIAL, ENVIRONMENTAL
9 | Flood at primary facility | Natural or man-made disaster
10 | Flood at backup facility | Natural or man-made disaster
11 | Hurricane at primary facility | Natural or man-made disaster
12 | Hurricane at backup facility | Natural or man-made disaster
13 | Resource depletion | ADVERSARIAL
14 | Introduction of vulnerabilities into software products | STRUCTURAL
15 | Disk error | Information Technology (IT) Equipment
16 | Pervasive disk error | Natural or man-made disaster
17 | Windstorm/tornado at primary facility | Natural or man-made disaster
18 | Windstorm/tornado at backup facility | Natural or man-made disaster
Columns 3 to 6.

Column 3 (Range of Effects): see TABLE D-6.
Column 4 (Relevance): see TABLE E-4.
Column 5 (Likelihood of Attack Initiation): see TABLE G-3.
Column 6 (Vulnerabilities and Predisposing Conditions): see TABLE F-4.

Range of Effects (3) | Relevance (4) | Likelihood of Attack Initiation (5) | Vulnerabilities and Predisposing Conditions (6)
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | Functional
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | OPERATIONAL / ENVIRONMENTAL
Moderate | Confirmed | high | TECHNICAL
Moderate | Confirmed | high | Functional
Moderate | Confirmed | high | TECHNICAL
Columns 7 to 10.

Column 7 (Severity and Pervasiveness): see TABLE F-5.
Column 8 (Likelihood Initiated Attack Succeeds): see TABLE G-4.
Column 9 (Overall Likelihood): see TABLE G-5.
Column 10 (Level of Impact): see TABLE H-3 in APPENDIX H, page H-3; see also TABLE H-2 for estimating the level of impact.

Severity and Pervasiveness (7) | Likelihood Initiated Attack Succeeds (8) | Overall Likelihood (9) | Level of Impact (10)
high | Moderate | very high | Moderate
Moderate | high | Moderate | Moderate
Moderate | high | Moderate | Moderate
Moderate | Moderate | Moderate | Moderate
high | high | Moderate | Moderate
Moderate | Moderate | Moderate | Moderate
high | high | Moderate | Moderate
Moderate | Moderate | Moderate | Moderate
Moderate | Moderate | Moderate | Moderate
high | high | Moderate | Moderate
Moderate | high | high | Moderate
Moderate | Moderate | Moderate | Moderate
high | Moderate | high | Moderate
Moderate | high | Moderate | Moderate
Moderate | Moderate | very high | Moderate
high | Moderate | Moderate | Moderate
Moderate | Moderate | Moderate | Moderate
high | high | Moderate | Moderate
Column 11: Risk (Likelihood x Impact)

Column 9 x Column 10 (the Risk score is based on the matrix in TABLE I-2 in APPENDIX I, page I-2; see also TABLE I-3 for reference).

Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
Moderate
