ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: IF002.002
  • Created: 31st May 2024
  • Updated: 14th June 2024
  • Contributor: The ITM Team

Exfiltration via Physical Access to System Drive

A subject exfiltrates data by retrieving the physical drive used by a system.

Prevention

ID Name Description
PV016Enforce a Data Classification Policy

A Data Classification Policy establishes a standard for handling data by setting out criteria for how data should be classified and subsequently managed and secured. A classification can be applied to data in such a way that the classification is recorded in the body of the data (such as a footer in a text document) and/or within the metadata of a file.

PV003Enforce an Acceptable Use Policy

An Acceptable Use Policy (AUP) is a set of rules outlining acceptable and unacceptable uses of an organization's computer systems and network resources. It acts as a deterrent to prevent employees from conducting illegitimate activities by clearly defining expectations, reinforcing legal and ethical standards, establishing accountability, specifying consequences for violations, and promoting education and awareness about security risks.

Detection

ID Name Description
DT008Tamper Seal

A tamper seal can be used to protect against tampering or unauthorized access of an object. Tamper seals can provide visual evidence if an object has been opened or attempted to be opened.