Security Pattern Impersonation

Security Pattern Impersonation ()


Threat Agents
Risk
Control Objective
Security Requirement
Control Measure
Implemented Control Measures
Implemented Control Measure
Implemented Control Measure
Implemented Control Measures
Security Principle
Vunerabilities
<<Vunerability>> Single factor of authentication
<<Vunerability>> No bot detection
<<Vunerability>> No risk based authentication
Assets at Risk
<<Asset at Risk>> Data
<<Asset at Risk>> Reputation
<<Asset at Risk>> Finacial
Threat Events
<<Threat Event>> MSCA Account takeover
<<Threat Event>> Application for Benefit (CERB & EI)
<<Threat Event>> EI/CPP/OAS personal information changes
Loss Events
<<Loss Event>> Trust / Client Confidence
<<Loss Event>> Fraudulent Payment

<<Threat Agent>> Td4 : Sophisticated adversary with moderate resources who is willing to take little risk (e.g., organized crime, sophisticated hackers, international corporations)
<<Threat Agent>> Td3 - Adversary with minimal resources who is willing to take significant risk (e.g., unsophisticated hackers)


		Threat Agents	Threat Events
		Control Objective	Risk
		Security Requirement	Control Objective
		Control Measure	Security Requirement
		Control Measure	Security Principle
		Implemented Control Measures	Implemented Control Measure
		Implemented Control Measures	Control Measure
		Implemented Control Measures	Implemented Control Measures
		Implemented Control Measures	Vunerabilities
		Implemented Control Measures	Implemented Control Measure
		Security Principle	Control Objective
		Vunerabilities	<<Vunerability>> No risk based authentication
		Vunerabilities	Assets at Risk
		Vunerabilities	<<Vunerability>> Single factor of authentication
		Vunerabilities	<<Vunerability>> No bot detection
		Assets at Risk	<<Asset at Risk>> Reputation
		Assets at Risk	<<Asset at Risk>> Finacial
		Assets at Risk	Implemented Control Measures
		Assets at Risk	<<Asset at Risk>> Data
		Threat Events	Vunerabilities
		Threat Events	<<Threat Event>> MSCA Account takeover
		Threat Events	<<Threat Event>> EI/CPP/OAS personal information changes
		Threat Events	<<Threat Event>> Application for Benefit (CERB & EI)
		Threat Events	Loss Events
		Loss Events	<<Loss Event>> Fraudulent Payment
		Loss Events	<<Loss Event>> Trust / Client Confidence
		Loss Events	Risk