Infringement
Data Loss
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Web Service
Harassment and Discrimination
Inappropriate Web Browsing
Installing Unapproved Software
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF011.002
- Created: 01st June 2024
- Updated: 26th July 2024
- Contributor: The ITM Team
Intentionally Weakening Physical Security Controls For a Third Party
The subject intentionally weakens or bypasses physical security controls for a third party, such as allowing them to piggyback into a secure area, leaving a door unlocked for them, or providing them with a security pass.
Prevention
| ID | Name | Description |
|---|---|---|
| PV011 | Physical Access Controls | Access to specific areas of a site should be restricted to only authorized personnel, through the use of controls such as locked doors, mantraps, and gates requiring an ID badge. |
Detection
| ID | Name | Description |
|---|---|---|
| DT033 | Closed-Circuit Television | CCTV can be used to observe activity within or around a site. This control can help to detect preparation or infringement activities and record it to a video file. |