Information Technology Reference
In-Depth Information
13.5.4.9 Steal
Stealing involves the theft of information or information technology. This may be
physical theft or virtual theft (e.g., copying via spyware).
13.5.4.10 Render Useless
Following the principle of least resistance, rendering something useless may be eas-
ier and cheaper than destroying it. Loss of use of a building may be just as devastat-
ing as loss of the building. For example, a biological agent (virus) or chemical in the
ventilation system may render the building unsafe for human use.
Determining the means, method, motivation, and mission is not simple. There
is a role for both deductive and inductive logic. Deductive conclusions from known
facts are less likely than surmising possible outcomes from some facts and some
assumptions. Assigning assumptions reliability and confidence levels helps to
understand and manage uncertainty—reliability and confidence in information
sources, method of process, authenticity of information (i.e., good source that may
be misinformed), and conclusions.
Understanding the means, method, motivation, and mission assists you in
determining appropriate safeguards and articulating justification for those safe-
guards to executives, management, operations, and users. All this seems like a lot
for an IA professional. Well, it can be. IA is in part a science that requires applying
known prudent safeguards in manners known to be effective. IA is also an art that
takes creativity, thinking about organizational risk in new ways, and a constant
vigil for showing the business value of IA.
13.6 Consequences
There are two perspectives on consequences: one is the consequence to your organization,
and the other is the consequence to the adversary. The potential attack consequences to
your organization and how they correlate to motivations include the following:
n
n
n
Level I—Interpersonal damages
Level II—Intercorporate damages
Level III—International damages
Like blood flow to a human and cash flow to an economy, the flow of informa-
tion is important to the world economy; the secure flow of information is critical.
Winn Schwartau's three information warfare levels—
interpersonal
damage,
inter-
corporate
damage, and
international
damage—best exemplify the potential conse-
quences of poor information assurance.
Winn Schwartau's three levels of information warfare.
