Abstract
The adaptation and extension is necessary to apply the CERT-taxonomy to malware in order to categorise the threat (e.g., Trojan horses, Viruses etc.) as a basis for countermeasures. For the adaptation of the taxonomy to include malware a new entry in the tools section is needed (malicious software). This entry will cover the Trojan horses mentioned earlier. The proposed extension of the CERT-taxonomy will include the attacker-model, the vulnerability and the objectives. Within the attacker-model a new entry should be added, the security scan. This type of penetration testing by security-experts is similar to the works done by ‘white hat’- hackers. However, such penetration testing is done by contractors on request, within strict margins concerning ethics and the assessment of potential damages before such testing takes place. The objectives within the CERT-taxonomy need a supplement, the security evaluation. This of course is the addition necessary to complement the introduction of the security scan. A very important vulnerability, social engineering, should be added to the taxonomy as well. It describes a very effective way to attack an IT-System. Two types can be distinguished, social engineering with the use of computers (e.g. e-mail content, phishing) and social engineering using human-based methods (e.g. dumpster diving, impostors).
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
