|
Tapping, snooping, scavenging, shoulder surfing and traffic analysis and traffic operational data.
|
Internal or external
|
Human
|
Malicious
|
Confidentiality
|
|
Modification, masquerading, replay and repudiation of acquired data
|
Internal or external
|
Human
|
Malicious
|
Integrity
|
|
Denial of service attacks, riot/civil disorder, arson, labor unrest, procedural violation
|
Internal or external
|
Human
|
Malicious
|
Availability
|
|
Careless use of wireless networks, posting information to discussion boards and blogs, sending sensitive information via e-mail and instant messaging, Improper disposal of sensitive media and failing to log off before leaving workstation
|
Internal
|
Human
|
Non-malicious
|
Confidentiality
|
|
Failure and maintenance data entry errors and omissions
|
Internal
|
Human
|
Non-malicious
|
Integrity
|
|
Programming errors, including syntax and logic problems
|
Internal
|
Human
|
Non-malicious
|
Availability
|
|
Compromising emanations, eavesdropping, takeover of authorized session
|
Internal or external
|
Technological
|
Non-malicious
|
Confidentiality
|
|
Jamming (telecomm)
|
Internal or external
|
Technological
|
Non-malicious
|
Availability
|
|
Faults in power supply and data networks
|
Internal
|
Technological
|
Non-malicious
|
Availability
|
|
Earthquakes, hurricanes, wind, flood, Tsunami, fire, lightning, animals and wildlife
|
External
|
Natural disaster
|
Non-malicious
|
Availability
|