Availability

In Brief

The ‘availability’ of an asset within an entity is the assurance that it can be used in terms of time and expected performance. Security measures intended to guarantee the availability of assets must, therefore, ensure that a resource remains usable in terms of capacity and planned time. (See also classification.)

Threats Jeopardising Availability

Here is a non-exhaustive list of EBIOS threats that can jeopardise the availability of an asset:

Physical damage

• Fire (SME: see Fire)
• Water damage
• Pollution
• Major disaster
• Destruction of equipment or supports (SME: see Computer or communication equipment broken down )
• Dust, corrosion, frost

Natural events

• Climatic phenomenon
• Seismic phenomenon
• Volcanic phenomenon
• Meteorological phenomenon
• Raw

Loss of essential services

• Air conditioning failure
• Energy Power Loss (SME: see Power Failure)
• Loss of telecommunication (SME: see Unavailable network access and Interruption of communications and Discontinuity of service providers)

Distribution due to radiation

• Electromagnetic radiation
• Thermal radiation
• Electromagnetic pulses (EMI)

Compromise of information

• Theft of media or documents (SME: see Robbery and Penetration in premises)
• Theft of equipment (SME: see Robbery and Penetration in premises)

Technical failures

• Hardware failure (SME: see Computer or communication equipment broken down and Damage to equipment during transport)
• Equipment malfunction (SME: Insertion or removal of equipment)
• Information system saturation
• Software malfunction
• Attack on the maintainability of the information system (SME: see Unusable backups and Impossible administration and Inappropriate software environment)

Unauthorised actions

• Illegal use of materials (SME: see Misuse of organisational resources)
• Use of counterfeit or copied software (SME: see Invalid or non-existent licence )
• Illegal data processing (SME: see Unauthorised processing of personal data - Employee monitoring and Regulatory requirements)

Compromise of functions

• User error (SME: see Human error)
• Abuse of rights (SME: see Abuse of organisational resources)
• Usurpation of rights (SME: see Malicious administrator and Use of access reserved for a user by a third party)
• Denial of service (SME: see Attacks by distributed denial of service and denial of service)
• Impairment of staff availability (SME: see Absent staff)