tailieunhanh - Security Assessment Case Studies for Implementing the NSA IAM, part 8
and listening to the people taking part in the group interview, the assessment team can see who holds a different opinion from the dominant one; the assessment team will want to be sure to interview those people individually.

Chapter 8: Managing the Findings

Table A Sample of Findings from the SA for Medical Management

| Vulnerability | Finding | Threat Source | Impact Rating | Consequence |
|---|---|---|---|---|
| Lack of separation of duties | 33 | Intentional modification of data | High | System administrators can, without detection, bypass the mechanisms in place for holding users responsible for their actions. Due to a lack of resources, a decision has been made to allow the system administrators to audit their own activity. This could result in a loss of integrity. |
| JSPServlet enumeration vulnerability | 34 | Unauthorized access | Low | An attacker can use this vulnerability to enumerate the physical path of the webroot. This could result in a loss of confidentiality, integrity, and availability if the attacker is able to use this information to compromise the system. |
| Web server enumeration vulnerability | 35 | Unauthorized access | Low | Allows attackers to identify the specific version of IIS in order to tailor specific attacks. This could result in a loss of confidentiality, integrity, and availability if the attacker is able to use this information to compromise the system. |
| Cold Fusion debug enumeration | 36 | Unauthorized access | Low | It is possible to anonymously view debug information, which usually contains sensitive data such as the template path or server version. This could result in a loss of confidentiality, integrity, and availability if the attacker is able to use this information to compromise the system. |
| Security alerts and incident handling procedures are not documented | 37 | Administrative error | Low | Without documented procedures, the response taken is ad hoc and results in opinion-driven decisions, which can expose Medical Management to errors in human judgment. This could result in a loss of confidentiality or integrity if an incident goes unnoticed. |
| Contingency | 38 | | | |