Deliberate Threats to Information Systems
Pot-Pourri
IT Controls
100

This threat involves unauthorized access to organizational data and may include industrial theft of confidential information.

What is espionage or trespass?

100

A large-scale control system used for critical infrastructure like power grids and water plants.

What is a SCADA system?

100

This application control only allows pre-approved software applications to run on a system.

What is Whitelisting?

200

This type of software is secretly installed and includes adware, spyware, and spamware.

What is alien software?

200

This social engineering attack tricks users into revealing confidential information via deceptive emails or websites.

What is phishing?

200

This principle states that users should be granted the privilege for an activity only if there is a justifiable need for them to perform that activity.

What is the principle of least privilege?

300

This form of identity crime includes phishing, stealing mail, or hacking databases to impersonate someone else.

What is Identity Theft?

300

Nation-state actors may use this to destabilize another country's infrastructure.

What is cyberwarfare?

300

This access control is applied at the application and the network layer.

What is Multi-Factor Authentication?

400

An attacker threatens to steal or steals information from a company or organization. The attacker then demands payment in exchange for not disclosing the information.

What is information extortion?

400

This occurs when a perpetrator watches an employee's computer screen over their shoulder.

What is Shoulder Surfing?

400

This access control transforms readable data into an unreadable format to protect it from unauthorized access.

What is Encryption?

500

These deliberate acts can damage a company’s reputation by defacing its website or launching online protests.

What is sabotage or vandalism?

500

Modern cyberattacks often use this combination of malware, phishing, and social engineering.

What is a blended threat?

500

These controls, also known as network security controls, are designed to protect the movement of data across networks.

What are Communications Controls?