Taxonomy for unsecure digital information processing

摘要

At a time when the media constantly reports about new sophisticated attacks, organizations of any business and size need to be prepared for such attacks against their IT infrastructures. To reflect the attacks organizations should have a properly designed information security (IS) management system with adequate documentation support. Among the most important documents, there are IS policies for different application areas, including an IS incident management policy. In order to create a truly effective IS policy it is necessary to adequately describe the organization's business environment from the IS viewpoint. The paper presents four most demand for these purposes classifications (taxonomy) of IS threats, vulnerabilities, attacks and IS incidents as the negative elements that should be avoided.