Home
FT
STOP-IT Quantity FT
STOP-IT Water Quality FT
Import
List
SP Wizard
Risknought
Lists
Measures
Events
Tools
ST Procedures
Search
Login
Measure: PatchAndChangeManagement
Description
Implementation of a concept for the patch and change management in the IT environment. By following this concept, emerging security holes can be closed quickly and any (e.g. software) changes are monitored with regard to security issues. Thus the security of the IT systems of the company is ensured in general.
Comments
The concept should clearly define all responsabilites and procedures of the patch and changes management process. Furthermore, the handling of auto-updates that might be implemented in the used software should be regulated.
Event source types
External attacker
Internal attacker
Event type
Manipulation
Risk reduction mechanism
Frequency/Likelihood
Threat Types
Cyber
Cyber-Physical
Action characteristics
Proactive
Measure types
Cyber Barriers
Control System
Action and Crisis Management Plans and Training
event_ measures
Event-Measure: 98281
Event-Measure: 98521
Event-Measure: 98630
Event-Measure: 98887
Event-Measure: 99017
Event-Measure: 99067
Event-Measure: 99085
Event-Measure: 99390
Event-Measure: 99409
Event-Measure: 99577
Event-Measure: 99688
Event-Measure: 99725
Event-Measure: 99750
Event-Measure: 99836
Event-Measure: 100901
Event-Measure: 101019
Event-Measure: 101050
Event-Measure: 101321
Event-Measure: 101389
Event-Measure: 101527
Event-Measure: 101859
Event-Measure: 102062
Event-Measure: 102085
Event-Measure: 102176
Event-Measure: 102391
Event-Measure: 102531
Event-Measure: 102591
Event-Measure: 102858
Event-Measure: 102891
Event-Measure: 103126
Event-Measure: 103152
Event-Measure: 103159
Event-Measure: 103182
Event-Measure: 103199
Event-Measure: 103421
Event-Measure: 103524
Event-Measure: 103537
Event-Measure: 103720
Event-Measure: 103830
Event-Measure: 103879
Event-Measure: 103885
Event-Measure: 103911
Event Consequences
Quantity
Quality
Financial
Asset types
Drinking Water Network
Drinking Water Tanks
Pressure Boosting Station
Water Abstraction Points
Water Treatment Plants
Events
Basic Event 151 - External person physicaly manipulates tank quality sensor readings
Basic Event 49 - Internal person physically manipulates WTP sensor readings
Basic Event 48 - External person physically manipulates WTP sensor readings
Gate 186 - Quality verification process runs on altered WTP data
Basic Event 201 - Malware performs DoS attack on abstraction well PLCs
Basic Event 50 - Man-in-the-Middle attack manipulates WTP sensor signal
Basic Event 153 - External attacker manipulates WTP transmission devices
Basic Event 51 - Internal cyber manipulation of WTP sensor signal
Basic Event 170 - External attacker manipulates surface water system transmission devices
Basic Event 189 - Man-in-the-Middle attack manipulates groundwater quality sensor signal
Basic Event 209 - External person physically manipulates WTP sensor readings
Basic Event 252 - Man-in-the-Middle attack manipulates WDN PBS sensor signals
Basic Event 261 - Undetected SCADA hijacking software takes control of PBS operation
Basic Event 155 - External person physicaly manipulates abstraction point quality sensor readings
Basic Event 214 - Undetected SCADA hijacking software takes control of WTP operation
Gate 193 - Surface water management system functions on altered data
Basic Event 250 - Malware alters PLC statements that control pump
Gate 239 - Mislead PLC controlled WDN tank refill process
Basic Event 65 - DoS attack to dosing system PLC
Basic Event 237 - Malware alters PLC statements that control WDN tank refill
Basic Event 156 - Man-in-the-Middle attack manipulates abstraction point quality sensors
Basic Event 275 - Malware alters WDN control statements
Basic Event 277 - Malware tampers network topology characteristics on prediction models (e.g. tank volume curve)
Gate 220 - Staff or PLC controlled hydraulic processes run on altered WTP data
Basic Event 276 - SQL injection to data used for demand prediction
Gate 111 - Insufficient disinfection due to loss of WTP control
Basic Event 151 - External person physicaly manipulates tank quality sensor readings
Basic Event 194 - External person manipulates transmission wires of wells
Basic Event 264 - Malware alters PLC statements that control valve
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 167 - External person physically manipulates surface water system sensor readings
Basic Event 219 - DoS attack to WTP process system PLC
Basic Event 195 - External person manipulates data transmission system of wells
Basic Event 63 - Undetected SCADA hijacking software takes control of WTP operation
Basic Event 265 - Man-in-the-Middle attack manipulates WDN valve sensor signals
Basic Event 64 - Man-in-the-Middle attack manipulates WTP control signals
Gate 260 - WDN control system manipulated
Basic Event 196 - Man-in-the-Middle attack manipulates well sensor signal
Basic Event 211 - External attacker manipulates WTP transmission devices
Gate 177 - Staff or PLC controlled processes run on altered WTP data
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 168 - External person physically manipulates surface water system sensor readings
Specific Assets
Control System
Media Channels
Sensor
Server
Transmission Devices
Measure ID
M57
Name
PatchAndChangeManagement
Risk reduction mechanism
Frequency/Likelihood
Action characteristics
Proactive