Closed-Circuit Television

A subject observes and/or records the locations of CCTV cameras in a target area.

A subject attempts to defeat physical security controls by smuggling an item (potentially an innocent item at first) into a controlled area to facilitate an infringement (such as a smart phone with a camera).

A subject attempts to defeat physical security controls to gain access to a secured area to conduct an infringement.

A subject uses an external device, such as a mobile phone or camera, to record audio, photos, or video to capture media.

A subject may exfiltrate data via a physical medium, such as a removable drive.

A subject can capture photos, videos and/or audio with an external device, such as taking photos of a screen, documents, or their surroundings.

A subject makes comments either in-person or online that can damage the organization's brand through association.

A subject exfiltrates information by printing it to paper or other physical medium.

A subject may remove attached disk storage from a system to deny investigators access to the files stored within it.

A subject may destroy or otherwise impair physical storage media such as hard drives to prevent them from being analyzed.

A subject removes the physical disk of a target system to access the target file system with an external device/system.

A subject uses an external device, such as a mobile phone or camera, to take video recordings containing sensitive information.

A subject uses a device, such as a mobile phone or camera, to take photos containing sensitive information.

A subject uses an external device, such as a mobile phone or camera, to take record audio containing sensitive information, such as conversations.

The subject intentionally weakens or bypasses physical security controls for a third party, such as allowing them to piggyback into a secure area, leaving a door unlocked for them, or providing them with a security pass.

A subject tansports physical documents outside of the control of the organization.

Physical security credentials, such as an ID card or physical keys, that were available to the subject during employment are not revoked and can still be used.

A subject steals non-digital assets, such as physical documents, belonging to an organization.

A subject steals other digital assets, such as monitors, hard drives, or peripherals, belonging to an organization.

A subject steals a corporate mobile phone belonging to an organization.

A subject steals a corporate laptop belonging to an organization.

The subject uses a USB cable, and any relevant software if required, to transfer files or data from one system to a mobile device. This device is then taken outside of the organization's control, where the subject can later access the contents.

A subject exfiltrates data using writeable disk media.