Disruptive Threats - Splitting Hairs

I've been reading about disruptive threats in relation to BCP/DRP. More specifically the human type. It is stated that human threats are the most common when compared with natural and environmental. Human threats can be further divided into intentional and unintentional. Intentional threats are deliberate and include a "hacker" using malware to capture card holder data. Unintentional threats are not deliberate and occur to due to laziness or carelessness.

How would you categorize the threat of an employee who unknowingly is infected with malware which causes business disruption? I have my opinion but reading this made me think this through a little.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

jt2929

Since the employee unknowingly was infected with malware, I would categorize this as unintentional. The employee probably clicked a link or opened an attachment they weren't supposed to, which is carelessness.

Now, if you were asking about the attacker who infected the employee, it would definitely be intentional.

Rumblr33

I would categorize this employee as an "unintentional" threat since they unknowingly infected the business.
Hopefully user education of the security policy can prevent these types of things from happening, but we are human after all.
So these things should be expected but kept to a minimum.

g33k3r

Yep, this is what I was thinking as well. Another reason why you need to carefully read the questions.