ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: IF014.004
  • Created: 20th June 2024
  • Updated: 27th July 2024
  • Contributor: The ITM Team

Modification of Access Controls

The subject makes unauthorized changes to access controls resulting in harm. Examples include resetting/changing passwords, locking accounts, or deleting accounts.

Prevention

ID Name Description
PV002Restrict Access to Administrative Privileges

The Principle of Least Privilege should be enforced, and period reviews of permissions conducted to ensure that accounts have the minimum level of access required to complete duties as per their role.

Detection

ID Name Description
DT052Audit Logging

Audit Logs are records generated by systems and applications to document activities and changes within an environment. They provide an account of events, including user actions, system modifications, and access patterns.