ITM is an open framework - Submit your contributions now.

Preventions

No Ready System-Level Mitigation

Restrict Access to Administrative Privileges

Enforce an Acceptable Use Policy

Enforce a Social Media Policy

Install an Anti-Virus Solution

Install a Web Proxy Solution

Restrict Access to Registry Editor

Enforce File Permissions

Prohibition of Devices On-site

Physical Access Controls

End-User Security Awareness Training

Pre-Employment Background Checks

Disable Printing, Windows

Application Whitelisting

Enforce a Data Classification Policy

Prohibit Email Auto-Forwarding to External Domains, Exchange

Network Intrusion Prevention Systems

Data Loss Prevention Solution

DNS Filtering

Internal Whistleblowing

Access Reviews

Employee Off-boarding Process

Full Disk Encryption

Restrict Mobile Clipboard via Intune App Protection Policies

Financial Approval Process

Corporate Card Spending Limits

Enterprise-Managed Web Browsers

Bootloader Password

Next-Generation Firewalls

Native Anti-Tampering Protections

Protocol Allow Listing

Restrict Disc Media Mounting, Group Policy

Restrict Floppy Drive Mounting, Group Policy

Restrict Removable Disk Mounting, Group Policy

Insider Threat Awareness Training

Employee Mental Health & Support Program

Network Access Control (NAC)

Mobile Device Management (MDM)

Employee Vulnerability Support Program

ID: PV009
Created: 31st May 2024
Updated: 31st May 2024
Contributor: The ITM Team

Prohibition of Devices On-site

Certain infringements can be prevented by prohibiting certain devices from being brought on-site.

Sections

ID	Name	Description
PR008	Physical Item Smuggling	A subject attempts to defeat physical security controls by smuggling an item (potentially an innocent item at first) into a controlled area to facilitate an infringement (such as a smart phone with a camera).
ME013	Media Capture	A subject can capture photos, videos and/or audio with an external device, such as taking photos of a screen, documents, or their surroundings.
IF003	Exfiltration via Media Capture	A subject uses an external device, such as a mobile phone or camera, to record audio, photos, or video to capture media.
ME005	Removable Media	A subject can mount and write to removable media.
PR007	CCTV Enumeration	A subject observes and/or records the locations of CCTV cameras in a target area.
IF019	Non-Corporate Device	The subject performs work-related tasks on an unauthorized, non-organization-owned device, likely violating organizational policy. Without the organization’s security controls in place, this device could be used to bypass established safeguards. Moreover, using a personal device increases the risk of sensitive data being retained or exposed, particularly after the subject is offboarded, as the organization has no visibility or control over information stored outside its managed systems.
ME022	Bring Your Own Device (BYOD)	An organization has a Bring Your Own Device (BYOD) policy, where a subject is authorized to connect personally owned devices—such as smartphones, tablets, or laptops—to organizational resources. These resources include corporate networks, cloud applications, and on-premises systems that may handle confidential and/or sensitive information. The use of personal devices in a corporate environment introduces several risks, as these devices may lack the same level of security controls and monitoring as organization-owned equipment.
IF004.002	Exfiltration via AirDrop	A subject exfiltrates files using AirDrop as the transportation medium.
IF004.001	Exfiltration via Bluetooth	A subject exfiltrates files using BlueTooth as the transportation medium.
IF003.001	Exfiltration via Photography	A subject uses a device, such as a mobile phone or camera, to take photos containing sensitive information.
IF003.002	Exfiltration via Video Capture	A subject uses an external device, such as a mobile phone or camera, to take video recordings containing sensitive information.
IF003.003	Exfiltration via Audio Capture	A subject uses an external device, such as a mobile phone or camera, to take record audio containing sensitive information, such as conversations.
ME005.001	USB Mass Storage	A subject can mount and write to a USB mass storage device.
ME005.002	SD Cards	A subject can mount and write to an SD card, either directly from the system, or through a USB connector.
IF002.008	Exfiltration via USB to Mobile Device	The subject uses a USB cable, and any relevant software if required, to transfer files or data from one system to a mobile device. This device is then taken outside of the organization's control, where the subject can later access the contents.