Disruptive Threats - Splitting Hairs
g33k3r
I've been reading about disruptive threats in relation to BCP/DRP. More specifically the human type. It is stated that human threats are the most common when compared with natural and environmental. Human threats can be further divided into intentional and unintentional. Intentional threats are deliberate and include a "hacker" using malware to capture card holder data. Unintentional threats are not deliberate and occur due to laziness or carelessness.
How would you categorize the threat of an employee who unknowingly is infected with malware which causes business disruption? I have my opinion but reading this made me think this through a little.
Comments
jt2929
Since the employee unknowingly was infected with malware, I would categorize this as unintentional. The employee probably clicked a link or opened an attachment they weren't supposed to, which is carelessness.
Now, if you were asking about the attacker who infected the employee, it would definitely be intentional.
Rumblr33
I would categorize this employee as an "unintentional" threat since they unknowingly infected the business.
Hopefully user education of the security policy can prevent these types of things from happening, but we are human after all.
So these things should be expected but kept to a minimum.
g33k3r
Yep, this is what I was thinking as well. Another reason why you need to carefully read the questions.