ASR-A

Logging Change

Logging | One, some or all users | Instantaneous (request) or for a period

Silent

The granularity of logging is changed (typically more logging).

Example 1: Capture sanitised request headers and response bodies

Example 2: Full stack trace of error messages logged

Example 3: Record DNS data on user's IP address

Example 4: Security logging level changed to include 'informational' messages

-

ASR-B

Administrator Notification

Logging and notifying | One, some or all users | Instantaneous

Silent

A notification message is sent to the application administrator(s)

Example 1: Email alert sent to everyone in the administration team

Example 2: SMS alert sent to the on-call administrator

Example 3: Visual indicator displayed on an application monitoring dashboard

Example 4: Audible alarm in the control room

-

ASR-C

Other Notification

Logging and notifying | One user | Instantaneous

Silent

Example 1: Broadcast event to SIEM

Example 2: Signal sent to network firewall

Example 3: Alert sent to fraud protection department

Example 4: Record added to server event log

Example 5: Event highlighted in a daily management report

Example 6: Email alert to staff member's manager

Example 7: Proactive entry added to customer support system (e.g. "Someone had difficulty logging in with this customer's username - request extra validation for telephone enquiries")

-

ASR-D

User Status Change

Logging | One user | For a period

Passive

Example 1: Internal trustworthiness scoring about the user changed

Example 2: Reduce payment transfer limit for the customer before additional out-of-band verification is required

Example 3: Reduce maximum file size limit for each file upload by the forum user

Example 4: Increase data validation strictness for all form submissions by this citizen

Example 5: Reduce the number of failed authentication attempts allowed before the user's account is locked (ASR-K below)

-

ASR-E

User Notification

Logging, notifying and disrupting | One user | Instantaneous

Passive

Example 1: On-screen message about mandatory form fields (e.g. "The 'occupation' must be completed")

Example 2: On-screen message about data validation issues (e.g. 'The bank sort code can only contain six digits with optional hyphens')

Example 3: Message sent by email to the registered email address to inform them their password has been changed

-

ASR-F

Timing Change

Logging and disrupting | One, some or all users | Instantaneous (request) or for a period

Passive

Example 1: Extend response time for each failed authentication attempt

Example 2: File upload process duration extended artificially

Example 3: Add fixed time delay into every response

Example 4: Order flagged for manual checking

Example 5: Goods despatch put on hold (e.g. despatch status changed)

-

ASR-G

Process Terminated

Logging, notifying (sometimes) and disrupting | One user | Instantaneous

Active

Example 1: Discard data, display message and force user to begin business process from start

Example 2: Redirection to log-in page

Example 3: Redirection to home page

Example 4: Display other content (i.e. terminate process but display the output of some other page without redirect)

-

ASR-H

Function Amended

Logging, notifying (sometimes), disrupting and blocking | One, some or all users | For a period or permanent

Active

Example 1: Limit on feature usage rate imposed

Example 2: Reduce number of times/day the user can submit a review

Example 3: Additional registration validation steps

Example 4: Additional anti-automation measures (e.g. out-of-band verification activated, CAPTCHA introduced)

Example 5: Static rather than dynamic content returned

Example 6: Additional validation requirements for delivery address

Example 7: Watermarks added to pages, images and other content

-

ASR-I

Function Disabled

Logging, notifying (sometimes), disrupting and blocking | One, some or all users | For a period or permanent

Active

Example 1: 'Add friend' feature inactivated

Example 2: 'Recommend to a colleague' feature links removed and disabled

Example 3: Document library search disabled

Example 4: Prevent new site registrations

Example 5: Web service inactivated

Example 6: Content syndication stopped

Example 7: Automated Direct Debit system turned off and manual form offered instead

-

ASR-J

Account Logout

Logging, notifying (sometimes), disrupting and blocking | One user | Instantaneous

Active

Example 1: Session terminated and user redirected to logged-out message page

Example 2: Session terminated only (no redirect)

-

ASR-K

Account Lockout

Logging, notifying (sometimes), disrupting and blocking | One user | For a period or permanent

Active

Example 1: User account locked for 10 minutes

Example 2: User account locked permanently until an Administrator resets it

Example 3: One user's IP address range blocked

Example 4: Unauthenticated user's session terminated

-

ASR-L

Application Disabled

Logging, notifying (sometimes), disrupting and blocking | All users | Permanent

Active

Example 1: Website shut down and replaced with temporary static page

Example 2: Application taken offline

-

ASR-M

Collect Data from User

Logging | One user | For a period

Intrusive

Example 1: Deploy additional browser fingerprinting using JavaScript in responses

Example 2: Deploy a Java applet to collect remote IP address

Example 3: Deploy JavaScript to collect information about the user's network

-