ASR-A

Logging Change

Logging | One, some or all users | Instantaneous (request) or for a period

Silent

The granularity of logging is changed (typically more logging).

Example 1: Capture sanitised request headers and response bodies

Example 2: Full stack trace of error messages logged

Example 3: Record DNS data on user's IP address

Example 4: Security logging level changed to include 'informational' messages

-

ASR-B

Administrator Notification

Logging and notifying | One, some or all users | Instantaneous

Silent

A notification message is sent to the application administrator(s)

Example 1: Email alert sent to everyone in the administration team

Example 2: SMS alert sent to the on-call administrator

Example 3: Visual indicator displayed on an application monitoring dashboard

Example 4: Audible alarm in the control room

-

ASR-C

Other Notification

Logging and notifying | One user | Instantaneous

Silent

Notification message sent to something or someone other than Administrators (see ASR-B) or the User (see ASR-E)

Example 1: Broadcast event to SIEM

Example 2: Signal sent to network firewall

Example 3: Alert sent to fraud protection department

Example 4: Record added to server event log

Example 5: Event highlighted in a daily management report

Example 6: Email alert to staff member's manager

Example 7: Proactive entry added to customer support system (e.g. "Someone had difficulty logging in with this customer's username - request extra validation for telephone enquiries")

-

ASR-D

User Status Change

Logging | One user | For a period

Passive

A parameter related to the user is modified. This may have an impact on functionality or usability of the application, but only for the one user.

Example 1: Internal trustworthiness scoring about the user changed

Example 2: Reduce payment transfer limit for the customer before additional out-of-band verification is required

Example 3: Reduce maximum file size limit for each file upload by the forum user

Example 4: Increase data validation strictness for all form submissions by this citizen

Example 5: Reduce the number of failed authentication attempts allowed before the user's account is locked (ASR-K below)

-

ASR-E

User Notification

Logging, notifying and disrupting | One user | Instantaneous

Passive

A visual, audible and/or mechanical (e.g. vibration) signal or message is activated, displayed, or sent by other means, to the user.

Example 1: On-screen message about mandatory form fields (e.g. "The 'occupation' must be completed")

Example 2: On-screen message about data validation issues (e.g. 'The bank sort code can only contain six digits with optional hyphens')

Example 3: Message sent by email to the registered email address to inform them their password has been changed

-

ASR-F

Timing Change

Logging and disrupting | One, some or all users | Instantaneous (request) or for a period

Passive

The usual timescales to perform an operation are altered, usually extended, or delays are added.

Example 1: Extend response time for each failed authentication attempt

Example 2: File upload process duration extended artificially

Example 3: Add fixed time delay into every response

Example 4: Order flagged for manual checking

Example 5: Goods despatch put on hold (e.g. despatch status changed)

-

ASR-G

Process Terminated

Logging, notifying (sometimes) and disrupting | One user | Instantaneous

Active

An interruption to the sending, display or process, such that the user has to start again, or start somewhere else. For authenticated users, this would not include termination of their session (see ASR-J). And, they would be free to attempt the process again (e.g. access the resource after logging in, submit a payment transfer, etc).

Example 1: Discard data, display message and force user to begin business process from start

Example 2: Redirection of an unauthenticated user to the log-in page

Example 3: Redirection to home page

Example 4: Display other content (i.e. terminate process but display the output of some other page without redirect)

-

ASR-H

Function Amended

Logging, notifying (sometimes), disrupting and blocking | One, some or all users | For a period or permanent

Active

The usual functionality is amended but not disabled (see ASR-I).

Example 1: Limit on feature usage rate imposed

Example 2: Reduce number of times/day the user can submit a review

Example 3: Additional registration validation steps

Example 4: Additional anti-automation measures (e.g. out-of-band verification activated, CAPTCHA introduced)

Example 5: Static rather than dynamic content returned

Example 6: Additional validation requirements for delivery address

Example 7: Watermarks added to pages, images and other content

-

ASR-I

Function Disabled

Logging, notifying (sometimes), disrupting and blocking | One, some or all users | For a period or permanent

Active

A function or functions are disabled for one, some or all users. Other functionality continues to work as normal.

For changes that affect multiple users, be careful the response cannot be used too easily for denial of service.

Example 1: 'Add friend' feature inactivated

Example 2: 'Recommend to a colleague' feature links removed and disabled

Example 3: Document library search disabled

Example 4: Prevent new site registrations

Example 5: Web service inactivated

Example 6: Content syndication stopped

Example 7: Automated Direct Debit system turned off and manual form offered instead

-

ASR-J

Account Logout

Logging, notifying (sometimes), disrupting and blocking | One user | Instantaneous

Active

The current session is terminated on the server, and the user is logged out.

Often undertaken in conjunction with process termination (ASR-G) and sometimes lockout (ASR-K).

Example 1: Session terminated and user redirected to logged-out message page

Example 2: Session terminated only (no redirect)

-

ASR-K

Account Lockout

Logging, notifying (sometimes), disrupting and blocking | One user | For a period or permanent

Active

An account, session or source address is blocked from access and/or authentication.

Example 1: User account locked for 10 minutes

Example 2: User account locked permanently until an Administrator resets it

Example 3: One user's IP address range blocked

Example 4: Unauthenticated user's session terminated

-

ASR-L

Application Disabled

Logging, notifying (sometimes), disrupting and blocking | All users | Permanent

Active

The whole application is disabled or made unavailable.

Be careful the response cannot be used too easily for denial of service.

Example 1: Website shut down and replaced with temporary static page

Example 2: Application taken offline

-

ASR-M

Collect Data from User

Logging | One user | For a period

Intrusive

Direct action to collect further information from the user's system.

Ensure any use of this type of response is legally permissible in the relevant jurisdictions, and complies with the application's terms of use, privacy notice and corporate policies.

Example 1: Deploy additional browser fingerprinting using JavaScript in responses

Example 2: Deploy a Java applet to collect remote IP address

Example 3: Deploy JavaScript to collect information about the user's network

-