ITM is an open framework - Submit your contributions now.

Infringement

Disruption of Business Operations

Exfiltration via Media Capture

Exfiltration via Messaging Applications

Exfiltration via Other Network Medium

Exfiltration via Physical Medium

Installing Unapproved Software

Providing Access to a Unauthorized Third Party

Public Statements Resulting in Brand Damage

Sharing on AI Chatbot Platforms

Unauthorized Changes to IT Systems

Unauthorized Printing of Documents

Unlawfully Accessing Copyrighted Material

ID: IF016.005
Created: 22nd July 2024
Updated: 22nd July 2024
Contributor: The ITM Team

Modification of Invoices

A subject with access to a billing system or indirect access to a billing system misuses their access to modify existing invoices, causing payments to be diverted to themselves, a business they own, or a third party.

Prevention

ID	Name	Description
PV027	Financial Approval Process	The financial approval process is a structured procedure used by organizations to review and authorize financial transactions. It includes segregation of duties, authorization levels, and documentation and audit trails to prevent financial abuse and ensure adherence to policies and budgets.

Detection

ID	Name	Description
DT067	Financial Auditing	Financial auditing independently reviews financial records to ensure accuracy and compliance, detecting irregularities and evaluating internal controls. It protects against abuse by identifying fraud and deterring dishonest behavior through increased accountability.

Insider Threat Matrix™

Infringement

Disruption of Business Operations

Excessive Personal Use

Exfiltration via Email