Disruptive Threats - Splitting Hairs
I've been reading about disruptive threats in relation to BCP/DRP. More specifically the human type. It is stated that human threats are the most common when compared with natural and environmental. Human threats can be further divided into intentional and unintentional. Intentional threats are deliberate and include a "hacker" using malware to capture card holder data. Unintentional threats are not deliberate and occur to due to laziness or carelessness.
How would you categorize the threat of an employee who unknowingly is infected with malware which causes business disruption? I have my opinion but reading this made me think this through a little.
How would you categorize the threat of an employee who unknowingly is infected with malware which causes business disruption? I have my opinion but reading this made me think this through a little.
Comments
Now, if you were asking about the attacker who infected the employee, it would definitely be intentional.
Hopefully user education of the security policy can prevent these types of things from happening, but we are human after all.
So these things should be expected but kept to a minimum.