T 2 Threats Catalogue Organisational Shortcomings

T 2.1 Lack of, or insufficient, rules
T 2.2 Insufficient knowledge of requirements documents
T 2.3 A lack of compatible, or unsuitable, resources
T 2.4 Insufficient monitoring of IT security measures
T 2.5 Lack of, or inadequate, maintenance
T 2.6 Unauthorised admission to rooms requiring protection
T 2.7 Unauthorised use of rights
T 2.8 Uncontrolled use of resources
T 2.9 Poor adjustment to changes in the use of IT
T 2.10 Data media are not available when required
T 2.11 Insufficient bandwidth planning
T 2.12 Insufficient documentation on cabling
T 2.13 Inadequately protected distributors
T 2.14 Impairment of IT usage on account of adverse working conditions
T 2.15 Loss of confidentiality of sensitive data in the Unix system
T 2.16 Non-regulated change of users in the case of laptop PCs
T 2.17 Inadequate labelling of data media
T 2.18 Improper delivery of data media
T 2.19 Inadequate key management for encryption
T 2.20 Inadequate supply of printing consumables for fax machines
T 2.21 Inadequate organisation of the exchange of users
T 2.22 Lack of evaluation of auditing data
T 2.23 Security flaws involved in integrating DOS PCs into a server-based network
T 2.24 Loss of confidentiality of sensitive data of the network to be protected
T 2.25 Reduction of transmission or execution speed caused by Peer-to-Peer functions
T 2.26 Lack of, or inadequate software test and release procedures
T 2.27 Lack of, or inadequate documentation
T 2.28 Violation of copyright
T 2.29 Software testing with production data
T 2.30 Inadequate domain planning
T 2.31 Inadequate protection of the Windows NT system
T 2.32 Inadequate line bandwidth
T 2.33 Siting of Novell Netware Servers in an insecure environment
T 2.34 Absence of, or inadequate activation of Novell Netware security mechanisms
T 2.35 Lack of auditing under Windows 95
T 2.36 Inappropriate restriction of user environment
T 2.37 Uncontrolled usage of communications lines
T 2.38 Lack of, or inadequate implementation of database security mechanisms
T 2.39 Complexity of a DBMS
T 2.40 Complexity of database access
T 2.41 Poor organisation of the exchange of database users
T 2.42 Complexity of the NDS
T 2.43 Migration of Novell Netware 3.x to Novell Netware Version 4
T 2.44 Incompatible active and passive network components
T 2.45 Conceptual deficiencies of a network
T 2.46 Exceeding the maximum allowed cable/bus length or ring size
T 2.47 Insecure transport of files and data media
T 2.48 Inadequate disposal of data media and documents at the home work place
T 2.49 Lack of, or inadequate, training of teleworkers
T 2.50 Delays caused by a temporarily restricted availability of teleworkers
T 2.51 Poor integration of teleworkers into the information flow
T 2.52 Longer response times in the event of an IT system breakdown
T 2.53 Inadequate regulations concerning substitution of teleworkers
T 2.54 Loss of confidentiality through hidden pieces of data
T 2.55 Uncontrolled use of electronic mail
T 2.56 Inadequate description of files
T 2.57 Inadequate storage of media in the event of an emergency
T 2.58 Novell Netware and date conversion to the year 2000
T 2.59 Operation of non-registered components
T 2.60 Strategy for the network system and management system is not laid down or insufficient
T 2.61 Unauthorised collection of personal data
T 2.62 Inappropriate handling of security incidents
T 2.63 Uncontrolled use of faxes
T 2.64 Lack of or defective rules for the RAS system
T 2.65 Complexity of the SAMBA Configuration
T 2.66 Lack of or Inadequate IT Security Management

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000