Taxonomy for Computer Security Incidents
Stefan Kiltz (Otto-von-Guericke University Magdeburg, Germany), Andreas Lang (Otto-von-Guericke University Magdeburg, Germany) and Jana Dittmann (Otto-von-Guericke University Magdeburg, Germany)
The adaptation and extension is necessary to apply the CERT-taxonomy to malware in order to categorise the threat (e.g., Trojan horses, Viruses etc.) as a basis for countermeasures. For the adaptation of the taxonomy to include malware a new entry in the tools section is needed (malicious software). This entry will cover the Trojan horses mentioned earlier. The proposed extension of the CERT-taxonomy will include the attacker-model, the vulnerability and the objectives. Within the attacker-model a new entry should be added, the security scan. This type of penetration testing by security-experts is similar to the works done by ‘white hat’- hackers. However, such penetration testing is done by contractors on request, within strict margins concerning ethics and the assessment of potential damages before such testing takes place. The objectives within the CERT-taxonomy need a supplement, the security evaluation. This of course is the addition necessary to complement the introduction of the security scan. A very important vulnerability, social engineering, should be added to the taxonomy as well. It describes a very effective way to attack an IT-System. Two types can be distinguished, social engineering with the use of computers (e.g. e-mail content, phishing) and social engineering using human-based methods (e.g. dumpster diving, impostors).