Table 9.10 Applied IA² Summary: Honeypots

| IA² Topic | Description |
|---|---|
| Mechanism | Honeypots, stickypots, or variation |
| Drivers | If the organization is an attractive target, present an obvious attractive target as a distraction. May fool many casual observers and provide a clue to the possibility of a more focused effort before that effort reaches the real enterprise information technology. |
| IA² view | Applicable IA² views: People, systems and applications, information/data, infrastructure (technical). The IA² people view is included here because the effective use of a honeypot includes understanding that part of the threat space that contains intelligence and intent (i.e., people). The honeypot may provide a defensive posture or an offensive posture with disinformation. The offensive posture is a tricky maneuver that requires deeper cognitive analysis of adversaries. |
| IA core principles | Applicable IA core principles: Confidentiality-integrity-availability (CIA); Authenticity (A); Privacy-authorized use (PA) |
| Compliance requirements | Honeypots probably find no explicit compliance motivations. Enterprise policy may reflect the need to distract would-be cyber-intruders. |
| ELCM application | Applicable ELCM elements: O&M |
| Verification | Tiger team, penetration testing (Where does the use of automated discovery tools take you? To the honeypot [good] or to a production server [not good]?) |
| Operations | Applicable IA operations cycle elements: Anticipate, defend, monitor, respond. Honeypots may provide an early warning and thus enable a preemptive response. |