Disruptive Threats - Splitting Hairs

g33k3rg33k3r Member Posts: 249 ■■□□□□□□□□
in SSCP
I've been reading about disruptive threats in relation to BCP/DRP. More specifically the human type. It is stated that human threats are the most common when compared with natural and environmental. Human threats can be further divided into intentional and unintentional. Intentional threats are deliberate and include a "hacker" using malware to capture card holder data. Unintentional threats are not deliberate and occur to due to laziness or carelessness.

How would you categorize the threat of an employee who unknowingly is infected with malware which causes business disruption? I have my opinion but reading this made me think this through a little.
· Share on FacebookShare on Twitter

Comments

  • jt2929jt2929 Member Posts: 244 ■■■□□□□□□□
    Since the employee unknowingly was infected with malware, I would categorize this as unintentional. The employee probably clicked a link or opened an attachment they weren't supposed to, which is carelessness.

    Now, if you were asking about the attacker who infected the employee, it would definitely be intentional.
    · Share on FacebookShare on Twitter
  • Rumblr33Rumblr33 Member Posts: 99 ■■□□□□□□□□
    I would categorize this employee as an "unintentional" threat since they unknowingly infected the business.
    Hopefully user education of the security policy can prevent these types of things from happening, but we are human after all.
    So these things should be expected but kept to a minimum.
    · Share on FacebookShare on Twitter
  • g33k3rg33k3r Member Posts: 249 ■■□□□□□□□□
    Yep, this is what I was thinking as well. Another reason why you need to carefully read the questions.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.