4.7 Analyzing expected threats
This section analyzes the threats that can be expected for the system, based on the information examined in 4.4 Considering the users of the system and 4.5 Considering the resources handled by the system, and checked in 4.6 Checking the preconditions for a secure system.
Threats expected for the system are as follows.
- Service use by an unauthorized user
  An end-user who is not registered in the system is able to use a service.
- Service use by a user who does not follow the procedure document
  An end-user who obtains a user ID and password registered in the system might not follow the End-User Operating Procedure document and might exploit a vulnerability in the system in order to use a service.
  Also, a user registered in the system might use a service that he or she is not authorized to use.
- System configuration by an unauthorized System administrator
  A user who is not a System administrator might enter the server area and configure the system illegally, without following the Entry and Exit Procedure document.
- System operation by an unauthorized System operator
  A user who is not a System operator might enter the server area and operate the system illegally, without following the Entry and Exit Procedure document.
- System operation by a System operator who does not follow the procedure document
  A user might use the Management Server management user account of a System operator and operate the system in a manner that does not comply with the System Operating Procedure document.
To protect the system against these threats, implement the countermeasures described in 4.8 Considering countermeasures.
For details about the Entry and Exit Procedure, System Setup Procedure, System Operating Procedure, and End-User Operating Procedure documents, see 4.9 Considering work procedures.