Infringement
Data Loss
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Web Service
Harassment and Discrimination
Inappropriate Web Browsing
Installing Unapproved Software
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF014
- Created: 20th June 2024
- Updated: 05th July 2024
- Contributor: The ITM Team
Unauthorized Changes to IT Systems
A subject makes changes to IT systems that have adverse effects and cause operational disruption.
Subsections
| ID | Name | Description |
|---|---|---|
| IF014.005 | Deletion of Cloud Resources | A subject deletes cloud resources, resulting in harm to the organization's operations. |
| IF014.006 | Deletion of Other IT Resources | The subject deletes IT resources resulting in harm to the organization. Examples include virtual machines, virtual disk images, user accounts, and DNS records. |
| IF014.004 | Modification of Access Controls | The subject makes unauthorized changes to access controls resulting in harm. Examples include resetting/changing passwords, locking accounts, or deleting accounts. |
| IF014.001 | Modification of DNS Records | The subject creates, deletes, or edits DNS records resulting in harm. Examples include altering MX records to affect the availability of email communication, removing A records to affect the availability of web resources, or altering A records to redirect traffic to an unintended location. |
| IF014.002 | Modification of Firewall Rules | A subject makes an unauthorized change to the rule table of a network-based firewall, resulting in impaired security or impacted availability. |
| IF014.003 | Modification of Physical Security Controls | A subject interferes with physical security controls, such as an identification card system used to control access to areas of a site, to cause disruption or gain unauthorized access. |