A potential violation of security.
Types
Human or not
Whether caused by human or not (natural).
Natural threats are:
- earthquakes
- fire
- water
Human threats are:
- human error
- impersonation
Intent
Defined only for human threats. Refers to the purpose or motivation behind the threat. Classified as malicious or benign.
Malicious
Deliberately trying to cause harm. Planned and deceptive.
Examples:
- launching a malware attack
- stealing sensitive data
- performing denial-of-service (DoS) attacks
Benign
No deliberate intention to cause harm. Can still cause harm). Often due to human error. Typically associated with normal users or system processes
Examples:
- accidental deletion of files
- misconfiguration of a server
- sending data to the wrong recipient
Directed or Random
Directed
Threats for specific target(s).
Random
Not directed for specific target(s).
Active or Passive
Active
Where changes are caused (or can be caused) in the system.
Passive
Where changes are not caused (and cannot be caused) in the system.
Examples
Advanced Persistent Threats
Aka. APTs. Well-organized, patient, and financed attacks. Targets are often high-priority and cannot be easily protected. Directed, malicious threats caused by human.