- ID: AR2
- Created: 22nd May 2024
- Updated: 23rd July 2024
Means
The mechanisms or circumstances required for an infringement to occur.
Sections
ID | Name | Description |
---|---|---|
ME018 | Aiding and Abetting | An individual or individuals knowingly assist a subject to gain access to devices, systems, or services that hold sensitive information, or otherwise contravene internal policies. |
ME001 | Asset Control | A subject can access devices that have not been assigned to them. |
ME004 | Bluetooth | A subject can conduct Bluetooth file transfers from an organization device. |
ME022 | Bring Your Own Device (BYOD) | An organization has a Bring Your Own Device (BYOD) policy, where a subject is authorized to connect personally owned devices—such as smartphones, tablets, or laptops—to organizational resources. These resources include corporate networks, cloud applications, and on-premises systems that may handle confidential and/or sensitive information. The use of personal devices in a corporate environment introduces several risks, as these devices may lack the same level of security controls and monitoring as organization-owned equipment. |
ME012 | Clipboard | A subject can use the clipboard on a device (copy & paste). |
ME009 | FTP Servers | A subject is able to access external FTP servers. |
ME003 | Installed Software | A subject can leverage software approved for installation or software that is already installed. |
ME013 | Media Capture | A subject can capture photos, videos and/or audio with an external device, such as taking photos of a screen, documents, or their surroundings. |
ME008 | Network Attached Storage | A subject can write to a Network Attached Storage (NAS) device outside of the organisation's control. |
ME017 | Physical Disk Access | A subject has the ability to access the physical disk of a target system. |
ME014 | Printing | A subject has the ability to print documents and other files. |
ME007 | Privileged Access | A subject has privileged access to devices, systems or services that hold sensitive information. |
ME005 | Removable Media | A subject can mount and write to removable media. |
ME011 | Screenshots | A subject can take screenshots on a device. |
ME015 | SMB File Sharing | A subject has the ability to share files across a network through Server Message Block (SMB) file sharing. |
ME010 | SSH Servers | A subject is able to access external SSH servers. |
ME016 | System Startup Firmware Access | A subject has the ability to access the system startup firmware of a target system. |
ME002 | Unrestricted Software Installation | A subject can install software on a device without restriction. |
ME021 | Unrevoked Access | The subject has left the organization but still has access to services or data that is reserved for employees. |
ME006 | Web Access | A subject can access the web with an organization device. |