Infringement
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Web Service
Inappropriate Web Browsing
Installing Unapproved Software
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF014
- Created: 20th June 2024
- Updated: 05th July 2024
- Contributor: The ITM Team
Unauthorized Changes to IT Systems
A subject makes changes to IT systems that have adverse effects and cause operational disruption.
Subsections
| ID | Name | Description |
|---|---|---|
| IF014.005 | Deletion of Cloud Resources | A subject deletes cloud resources, resulting in harm to the organization's operations. |
| IF014.006 | Deletion of Other IT Resources | The subject deletes IT resources resulting in harm to the organization. Examples include virtual machines, virtual disk images, user accounts, and DNS records. |
| IF014.004 | Modification of Access Controls | The subject makes unauthorized changes to access controls resulting in harm. Examples include resetting/changing passwords, locking accounts, or deleting accounts. |
| IF014.001 | Modification of DNS Records | The subject creates, deletes, or edits DNS records resulting in harm. Examples include altering MX records to affect the availability of email communication, removing A records to affect the availability of web resources, or altering A records to redirect traffic to an unintended location. |
| IF014.002 | Modification of Firewall Rules | A subject makes an unauthorized change to the rule table of a network-based firewall, resulting in impaired security or impacted availability. |
| IF014.003 | Modification of Physical Security Controls | A subject interferes with physical security controls, such as an identification card system used to control access to areas of a site, to cause disruption or gain unauthorized access. |