T 3 Threats Catalogue - Human Failure

T 3.1 Loss of data confidentiality/integrity as a result of IT user error
T 3.2 Negligent destroying of equipment or data
T 3.3 Non-compliance with IT security measures
T 3.4 Inadmissible connection of cables
T 3.5 Inadvertent damaging of cables
T 3.6 Hazards posed by cleaning staff or outside staff
T 3.7 Failure of the PBX due to operating errors
T 3.8 Improper use of the IT system
T 3.9 Improper IT system administration
T 3.10 Incorrect export of file systems under Unix
T 3.11 Improper configuration of sendmail
T 3.12 Loss of data media during transfer
T 3.13 Transfer of incorrect or undesired data records
T 3.14 Misjudgement of the legally binding of a fax
T 3.15 Improper use of answering machines
T 3.16 Incorrect administration of site and data access rights
T 3.17 Incorrect change of PC users
T 3.18 Sharing of directories, printers or of the clipboard
T 3.19 Storing of passwords for WfW and Windows 95
T 3.20 Unintentional granting of read access for Schedule+
T 3.21 Improper use of code keys
T 3.22 Improper modification of the registry
T 3.23 Improper administration of a DBMS
T 3.24 Inadvertent manipulation of data
T 3.25 Negligent deletion of objects
T 3.26 Inadvertent sharing of the file system
T 3.27 Improper time synchronisation
T 3.28 Inadequate configuration of active network components
T 3.29 Lack of, or unsuitable segmentation
T 3.30 Unauthorised private use of telecommuting workstations
T 3.31 Unstructured data organisation
T 3.32 Violation of basic legal conditions for the use of cryptographic procedures
T 3.33 Improper use of cryptomodules
T 3.34 Unsuitable configuration of the management system
T 3.35 Disabling the server while in operation
T 3.36 Misinterpretation of events
T 3.37 Unproductive searches
T 3.38 Errors in configuration and operation
T 3.39 Improper administration of the RAS system
T 3.40 Inappropriate use of authentication services with remote access
T 3.41 Improper use of remote access services
T 3.42 Insecure configuration of RAS clients
T 3.43 Inappropriate handling of passwords
T 3.44 Carelessness in handling information
T 3.45 Inadequate checking of the identity of communication partners

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000