Preventions
- ID: PV012
- Created: 01st June 2024
- Updated: 01st June 2024
- Contributor: The ITM Team
End-User Security Awareness Training
Mandatory security awareness training for employees can help them to recognize a range of cyber attacks that they can play a part in preventing or detecting. This can include topics such as phishing, social engineering, and data classification, amongst others.
Sections
| ID | Name | Description |
|---|---|---|
| IF011 | Providing Access to a Unauthorized Third Party | A subject intentionally provides system or data access to a third party that is not authorized to access it. |
| ME005 | Removable Media | A subject can mount and write to removable media. |
| MT015 | Recklessness | The subject does not have a threatening motive. However, the subject under takes actions without due care and attention to the outcome, which causes an infringement. |
| PR022 | Social Engineering (Outbound) | A subject deceptively manipulates and/or persuades others in order to gain access to devices, systems or services that hold sensitive information, or to otherwise cause harm or undermine a target organization. |
| IF017 | Excessive Personal Use | A subject uses organizational resources, such as internet access, email, or work devices, for personal activities both during and outside work hours, exceeding reasonable personal use. This leads to reduced productivity, increased security risks, and the potential mixing of personal and organizational data, ultimately affecting the organization’s efficiency and overall security. |
| IF002.005 | Exfiltration via Physical Documents | A subject tansports physical documents outside of the control of the organization. |
| ME005.001 | USB Mass Storage | A subject can mount and write to a USB mass storage device. |
| ME005.002 | SD Cards | A subject can mount and write to an SD card, either directly from the system, or through a USB connector. |
| ME005.003 | Disc Media | A subject can mount and write to disc media including, CD-R, DVD and Blu-ray discs. |
| ME006.001 | Webmail | A subject can access personal webmail services in a browser. |
| ME006.002 | Cloud Storage | A subject can access personal cloud storage in a browser. |
| ME006.003 | Inappropriate Websites | A subject can access websites containing inappropriate content. |
| ME006.004 | Note-Taking Websites | A subject can access external note-taking websites (Such as Evernote). |
| ME006.005 | Messenger Services | A subject can access external messenger web-applications with the ability to transmit data and/or files. |
| MT012.001 | Social Engineering (Inbound) | A third party deceptively manipulates and/or persuades a subject to divulge information, or gain access to devices or systems, or to otherwise cause harm or undermine a target organization. |
| ME006.007 | Text Storage Websites | A subject can access external text storage websites, such as Pastebin. |