ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV009
  • Created: 31st May 2024
  • Updated: 31st May 2024
  • Contributor: The ITM Team

Prohibition of Devices On-site

Certain infringements can be prevented by prohibiting certain devices from being brought on-site.

Sections

ID Name Description
PR008Physical Item Smuggling

A subject attempts to defeat physical security controls by smuggling an item (potentially an innocent item at first) into a controlled area to facilitate an infringement (such as a smart phone with a camera).

ME013Media Capture

A subject can capture photos, videos and/or audio with an external device, such as taking photos of a screen, documents, or their surroundings.

IF003Exfiltration via Media Capture

A subject uses an external device, such as a mobile phone or camera, to record audio, photos, or video to capture media.

ME005Removable Media

A subject can mount and write to removable media.

PR007CCTV Enumeration

A subject observes and/or records the locations of CCTV cameras in a target area.

IF019Non-Corporate Device

The subject performs work-related tasks on an unauthorized, non-organization-owned device, likely violating organizational policy. Without the organization’s security controls in place, this device could be used to bypass established safeguards. Moreover, using a personal device increases the risk of sensitive data being retained or exposed, particularly after the subject is offboarded, as the organization has no visibility or control over information stored outside its managed systems.

IF004.002Exfiltration via AirDrop

A subject exfiltrates files using AirDrop as the transportation medium.

IF004.001Exfiltration via Bluetooth

A subject exfiltrates files using BlueTooth as the transportation medium.

IF003.001Exfiltration via Photography

A subject uses a device, such as a mobile phone or camera, to take photos containing sensitive information.

IF003.002Exfiltration via Video Capture

A subject uses an external device, such as a mobile phone or camera, to take video recordings containing sensitive information.

IF003.003Exfiltration via Audio Capture

A subject uses an external device, such as a mobile phone or camera, to take record audio containing sensitive information, such as conversations.

ME005.001USB Mass Storage

A subject can mount and write to a USB mass storage device.

ME005.002SD Cards

A subject can mount and write to an SD card, either directly from the system, or through a USB connector.

IF002.008Exfiltration via USB to Mobile Device

The subject uses a USB cable, and any relevant software if required, to transfer files or data from one system to a mobile device. This device is then taken outside of the organization's control, where the subject can later access the contents.