The Information object is representing a set of information that is particularly interesting to analyze. An Information object is optional but enables taking replication aspects like backups and high availability solutions into account.
An Information object can be connected to one or several Data objects. The available connection types are InfoContainment and Replica.
When an Information object is connected to a Data object using InfoContainment, it is representing that the Information is present in the Data object.
Which Identities and Applications have which access to the Information is defined by the objects connected to the Data object in question and the connection types to it.
When an Information object is connected to a Data object using InfoContainment, it is representing that the Information is present in multiple locations (Data objects).
This is used to represent backups and high availability solutions.
In order to succeed with Write or Deny on an Information object, the attacker need to succeed with Write or Deny on all Data objects connected as Replica.
Attack step name
Attack step purpose
Prerequisite attack step to the other attack steps.
Deleting information. If multiple Data objects are connected as Replica, all replicas need to be deleted to succeed with deleting Information.
Denying the information. See above.
Reading information. Not related to replicas. Reading one data location (replica) provides Read on the Information.
Writing/altering the information. See above.
No defenses applies to Information.
Defense mechanisms are defined in Application/Data/Identity object connected to the Data objects where the Information is present.
Updated 6 months ago