Information

Purpose

The Information object is representing a set of information that is particularly interesting to analyze. An Information object is optional but enables taking replication aspects like backups and high availability solutions into account.

Connections

Data

An Information object can be connected to one or several Data objects. The available connection types are InfoContainment and Replica.

InfoContainment

When an Information object is connected to a Data object using InfoContainment, it is representing that the Information is present in the Data object.

Which Identities and Applications have which access to the Information is defined by the objects connected to the Data object in question and the connection types to it.

1206 — The Customer Records are located in the Database.

Replica

When an Information object is connected to a Data object using InfoContainment, it is representing that the Information is present in multiple locations (Data objects).

This is used to represent backups and high availability solutions.

In order to succeed with Write or Deny on an Information object, the attacker need to succeed with Write or Deny on all Data objects connected as Replica.

1272 — Database with backup. Succeeding with Write required succeeding with Write on all Replicas.

Properties

AttackSteps

Attack step name	Attack step purpose
AttemptAccess	Prerequisite attack step to the other attack steps.
Delete	Deleting information. If multiple Data objects are connected as Replica, all replicas need to be deleted to succeed with deleting Information.
Deny	Denying the information. See above.
Read	Reading information. Not related to replicas. Reading one data location (replica) provides Read on the Information.
Write	Writing/altering the information. See above.

Defenses

Defense name	Defense purpose
No defenses applies to Information.	Defense mechanisms are defined in Application/Data/Identity object connected to the Data objects where the Information is present.