Threat D.C.HuiPiDCHS.3

URI: D.C.HuiPiDCHS.3

Package: Application

< prev | next >

Description: Data Data entered via Process leaks by shoulder surfing Human in space Space: if Human is not careful, someone with access to space Space could shoulder surf a session during which Human enters Data via the user interface of Process on host device Host.

Threat Type: Primary Threat

Matching Pattern:

D.C.HuiPiDCHS.3
MP-HuiPiDCHS

Finds a user interacting directly with a process to enter data using a console host located in a space.

        (empty)

        (empty)

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-PersonalDeviceProtection

Device Host is a personal device dedicated to one user, who will protect it from some types of attacks involving physical access. This particular strategy relates to threats that are blocked, affording slightly less than perfect protection because the user may be overcome by force or become temporarily less than vigilant.

CSG-UserSecurityTraining

Users in the role Human are trained to avoid most common cyber security errors by using only strong passwords, recognising malicious emails, and the importance of physical security including the use of screen locking for fixed devices that cannot be carried on the person.