Control ManualIntervention

An individual user role within the socio-technical system that uses and/or manages assets.

Use a systematic procedure for regular updating of software used (including hosted processes) on device Host, and have a contingency plan included in the system operating policies and practices for HostManager to manually apply updates immediately should the need for them become urgent.

Represents a situation in which software patches have been applied manually by HostManager to address functional bugs in device Host. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Note that this should only be considered if a suitable software patch is available. To implement this at runtime, signal the responsible user HostManager. Then deselect the SoftwarePatched control and restore the asserted Intrinsic TWL of Host once the update has been confirmed.

The device Host is monitored for reliability or availability, and if problems are found, its manager HostManager can take corrective action while waiting for updated software or hardware. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to roll back software to an older but more reliable version or switch to a stand-in device from a different hardware vendor.

The device Host was found to have reliability or availability issues, and action has been taken by its manager HostManager to correct the problem. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Host.

The process Process is monitored for reliability and availability, and if problems are found, the manager HostManager of its host device Host can take corrective action while waiting for updated software. This strategy represents a contingency plan included in the operating policies and practices if certain threats should arise, e.g. to roll back software to an older but more reliable version.

The process Process was found to have reliability or availability issues, and action has been taken by the manager HostManager of its host device to correct the problem. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Process.

Device Gateway is physically monitored to rapidly detect if it has been physically removed, altered or substituted, so its manager HostManager can address any physical compromise. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to repair or replace the affected device. Activation of the plan restores normal service, but if the device was stolen the attacker still has possession of the original which could still be misused.

Device Gateway having found to be physically removed, altered or substituted, action has been taken by its manager HostManager to restore normal service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Gateway which may need repair or replacement.

Device Host is physically monitored to rapidly detect if it has been physically removed, altered or substituted, so its manager HostManager can address any physical compromise. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to repair or replace the affected device. Activation of the plan restores normal service, but if the device was stolen the attacker still has possession of the original which could still be misused.

Device Host having found to be physically removed, altered or substituted, action has been taken by its manager HostManager to restore normal service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Host which may need repair or replacement.

Device Host can be remotely wiped by its user Human if the device is lost or stolen, permanently removing accounts, security keys and data. This strategy represents a contingency plan

Device Host has been remotely wiped by its user after being stolen. To implement this at runtime, signal the device user Human that the action should be taken. The control strategy is used to model the effect this should have so it can be considered as an option in current (runtime) decision support calculations. To activate it at runtime, signal user Human who is responsible for the device. Then deselect the ManualActionTaken control and restore the asserted Possession TWL of Host once the action has been confirmed.