Security Pattern Credential Stuffing ()
Security Pattern Credential Stuffing
Threat Agents Threat Events
Threat Agents <<Threat Agent>> Td3 - Adversary with minimal resources who is willing to take significant risk (e.g., unsophisticated hackers)
Threat Agents <<Threat Agent>> Td4 : Sophisticated adversary with moderate resources who is willing to take little risk (e.g., organized crime, sophisticated hackers, international corporations)
Control Objective Risk
Security Requirement Control Objective
Control Measure Security Requirement
Control Measure Security Principle
Implemented Control Measures Implemented Control Measure
Implemented Control Measures Vunerabilities
Implemented Control Measures Control Measure
Implemented Control Measures Implemented Control Measure
Implemented Control Measures Implemented Control Measures
Security Principle Control Objective
Vunerabilities <<Vunerability>> No risk based authentication
Vunerabilities Assets at Risk
Vunerabilities <<Vunerability>> Single factor of authentication
Vunerabilities <<Vunerability>> No bot detection
Assets at Risk <<Asset at Risk>> Data
Assets at Risk Implemented Control Measures
Assets at Risk <<Asset at Risk>> Reputation
Assets at Risk <<Asset at Risk>> Finacial
Threat Events <<Threat Event>> Application for Benefit (CERB & EI)
Threat Events <<Threat Event>> EI/CPP/OAS personal information changes
Threat Events Vunerabilities
Threat Events <<Threat Event>> MSCA Account takeover
Threat Events Loss Events
Loss Events Risk
Loss Events <<Loss Event>> Trust / Client Confidence
Loss Events <<Loss Event>> Fraudulent Payment