Motive
Coercion
Espionage
Fear of Reprisals
Hubris
Human Error
Joiner
Lack of Awareness
Leaver
Misapprehension or Delusion
Mover
Personal Gain
Political or Philosophical Beliefs
Recklessness
Resentment
Self Sabotage
Third Party Collusion Motivated by Personal Gain
- ID: MT008
- Created: 22nd May 2024
- Updated: 30th June 2024
- Contributor: The ITM Team
Lack of Awareness
A subject is unaware that they are prohibited from accessing and exfiltrating or destroying sensitive data or otherwise contravening internal policies.
Prevention
| ID | Name | Description |
|---|---|---|
| PV016 | Enforce a Data Classification Policy | A Data Classification Policy establishes a standard for handling data by setting out criteria for how data should be classified and subsequently managed and secured. A classification can be applied to data in such a way that the classification is recorded in the body of the data (such as a footer in a text document) and/or within the metadata of a file. |
| PV004 | Enforce a Social Media Policy | A social media policy is a set of rules that governs how employees should use social media platforms in connection with their work. It outlines acceptable and unacceptable behaviors, helps employees understand the consequences of misuse, and serves as a deterrent by promoting accountability, raising awareness of risks, and ensuring consistent enforcement. |
| PV003 | Enforce an Acceptable Use Policy | An Acceptable Use Policy (AUP) is a set of rules outlining acceptable and unacceptable uses of an organization's computer systems and network resources. It acts as a deterrent to prevent employees from conducting illegitimate activities by clearly defining expectations, reinforcing legal and ethical standards, establishing accountability, specifying consequences for violations, and promoting education and awareness about security risks. |