Information Technology Reference
In-Depth Information
in the name of national interest or in the interest of avoiding downstream liability
by being the conduit for a successful attack.
This latter group may include hackers, that nebulous group of people that we
spend so much time defending ourselves against. This latter group also includes
state-sponsored adversaries and non-state-sponsored adversaries. State-sponsored
adversaries include national armed forces or intelligence community. Non-state-
sponsored adversaries may include terrorists.
13.5.4
Adversary Mission
An adversary
mission
is the focus of the means, method, and motivation. The mis-
sion is the segue from threat space (the adversary) to asset space (the adversary's
target). The mission is the
target
and the
desired result
for that target. The target
may be people, process, information, information technology, physical asset, or a
pending business deal.
13.5.4.1 Targets
Example targets for an adversary mission include the following:
n
n
n
Intellectual property
E-commerce
Physical infrastructure
13.5.4.2 Intellectual Property (IP)
Disclosure management is critical to maintain control of intellectual property.
First, stop unauthorized access. Second, manage authorized access by creating IP
categories governing access, for example:
n
n
n
n
Global repository—Accessible globally
Country-limited repository—Accessible within a country only
Location-limited repository—Accessible within a particular location only
Project-limited repository—Accessible only by individuals associated with
the project
Additionally, publish and implement IP management policies that include
items like:
n
All traffic to/from knowledge repositories use a minimum of X-bit encryp-
tion, where X is at least the minimal safe key length of the day.
