Insider Threat Matrix™

  • ID: MT011
  • Created: 22nd May 2024
  • Updated: 21st July 2024
  • Contributor: The ITM Team

Hubris

A subject accesses and exfiltrates or destroys sensitive data, or otherwise contravenes internal policies, with the aim of defeating controls in order to demonstrate ability and/or skill.

Prevention

ID Name Description
PV003 Enforce an Acceptable Use Policy

An Acceptable Use Policy (AUP) is a set of rules outlining acceptable and unacceptable uses of an organization's computer systems and network resources. It acts as a deterrent to prevent employees from conducting illegitimate activities by clearly defining expectations, reinforcing legal and ethical standards, establishing accountability, specifying consequences for violations, and promoting education and awareness about security risks.

PV022 Internal Whistleblowing

Provide a process for all staff members to report concerning and/or suspicious behaviour to the organization's security team for review. An internal whistleblowing process should take into consideration the privacy of the reporter and the subject(s) of the report, with specific regard to safeguarding reporters against reprisals.

PV013 Pre-Employment Background Checks

Background checks should be conducted to verify that the information provided by the candidate during the interview process is truthful. This could include employment and educational reference checks, and a criminal background check. Background checks can highlight specific risks, such as a potential for extortion.