Means
Aiding and Abetting
Asset Control
Bluetooth
Bring Your Own Device (BYOD)
Clipboard
FTP Servers
Installed Software
Media Capture
Network Attached Storage
Physical Disk Access
Printing
Privileged Access
Removable Media
Screenshots
SMB File Sharing
SSH Servers
System Startup Firmware Access
Unrestricted Software Installation
Unrevoked Access
Web Access
- ID: ME021.005
- Created: 19th June 2024
- Updated: 24th July 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
SSH Keys
SSH keys that were available to the subject during employment are not revoked and can still be used.
Prevention
| ID | Name | Description |
|---|---|---|
| PV023 | Access Reviews | Routine reviews of user accounts and their associated privileges and permissions should be conducted to identify overly-permissive accounts, or accounts that are no longer required to be active. |
| PV024 | Employee Off-boarding Process | When an employee leaves the organization, a formal process should be followed to ensure all equipment is returned, and any associated accounts or access is revoked. |
Detection
| ID | Name | Description |
|---|---|---|
| DT052 | Audit Logging | Audit Logs are records generated by systems and applications to document activities and changes within an environment. They provide an account of events, including user actions, system modifications, and access patterns. |