Threat H.E.WmPH.9

URI: H.E.WmPH.9

Package: Network

< prev | next >

Description: Physical hosts exist that have no specified or inferrable location: any host with no location is inferred to be in the inferred global public space Space, so physical attacks are not overlooked. If the location of some hosts was deliberately omitted, select controls to indicate whether this is because those hosts are indeed not in a secure location, or because physical attacks on those hosts are out of scope in this system model. If the host locations was an oversight, please add space assets representing their location (if not already included) and add relationships to specify in which space each host is located.

Threat Type: Primary Threat

Matching Pattern:

H.E.WmPH.9
MP-WmPH

Finds a solo World asset (i.e. the inferred global public space), in which at least one Host is assumed to be (due to having no other defined location).

        (empty)

        (empty)

        (empty)

        (empty)

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-IncludePhysicalThreatsFromWorld

Indicates that threats to Host from space Space should be considered, even though Host has no explicit location and is inferred to be in the global public space (the World). This control strategy is a way to specify that despite Host having no explicitly defined location, physical security is in scope, and the device is considered to be physically insecure. It addresses modelling error threats but not security threats to Host from Space.