Threat P.L.HuiPCHS-iP.3.2

URI: P.L.HuiPCHS-iP.3.2

Package: Network


Description: Unauthorised console access to interactive process Process on device Host in Space: an attacker with physical access to device Host in location Space exploits lax password security by user Human to interact via the console with process Process.

Threat Type: Primary Threat

Matching Pattern:

MP-HuiPCHS-iP

Finds a Human interacting with a Process running on a Host which is not their personal device, located in a space, plus associated process access contexts.


CSG-AccountLockingAtHost

The number of login attempts at device Host is limited, and user accounts locked when there are too many unsuccessful login attempts, or too many login attempts within a short period.

CSG-BiometricAccessControlAtHost

Access to device Host is controlled by authenticating authorised users using biometrics.

CSG-ChipAndPinAccessControlAtHost

Access to device Host is controlled by authenticating authorised users using a 2-factor system involving possession of a physical key or dongle, such as a chip and PIN card.

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from, as well as to, the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-PersonalDeviceOversight

Device Host is a personal device dedicated to one user, who will protect it from some types of attacks involving ongoing physical access or evident alteration of the device. For these threats, the protection level is very good because a momentary lapse in attention from the user is not sufficient to allow the attack.

CSG-PhysicalPatrolsInSpace

The physical space Space is patrolled at frequent intervals to ensure it is free of intruders. Note this does not prevent intrusion, e.g. to steal a device, but it does prevent some types of attacks where the intruder would need uninterrupted access, e.g. use of a device in the space for a significant period.

CSG-UserSecurityTraining

Users in the role Human are trained to avoid most common cyber security errors by using only strong passwords, recognising malicious emails, and understanding the importance of physical security, including the use of screen locking for fixed devices that cannot be carried on the person.