Information Systems Threat Identification Resource

1. Purpose
This threat identification resource has been developed to assist system owners and developers. This
resource presents a broad view of the risk environment. The threats presented in this document were
selected based on their occurrence and significance.

Categories: The threat resource is categorized into four main groups: environmental/physical
threats, human threats, natural threats, and technical threats. The categories list is not exhaustive. It
was developed as a guide to spur identification of threats and vulnerabilities. As conditions and
technology change, other categories not included here could apply to the system under review.

Threats: Within each section the threats are identified and described. The threat list is not
exhaustive. Other threats not included here could apply to the system under review. For this reason,
an entry for other threats has been included in each section. The effects of threats vary considerably
from confidentiality and integrity of data to the availability of a system. Therefore, System Impact
is identified within the threat column for each described threat.

Examples: To further assist those consulting this resource, examples of each type of threat have
been provided. The examples are not all inclusive. They provide guidance. Other conditions
requiring consideration may be present for the system under consideration. If they exist, these
conditions should be addressed by system owners and developers.

419743803.doc Last printed

 Human Threats
Threats Descriptions Examples
1. Arson Arson is the willful and • Malicious fires caused by bombs
Primarily affects generally malicious burning or and incendiary devices could result
system availability. starting of fires. in damage or destruction of system
hardware and loss of data.
• The malicious intent could be the
cause of a fire resulting from a
contact of steel wool cleaning
material and metal or wiring.
2. Data Entry Errors Data entry errors and • Failure to disable or delete
or Omissions omissions are mistakes in unnecessary accounts, such as guest
keying or oversight to key accounts and employees that no
Could significantly data, which could affect longer need access to system
impact data integrity, system resources and the resources could result in
and to a lesser extent safeguards that are protecting unauthorized access to sensitive
data availability. other system resources. data.
• Entering incorrect values for
sensitive information such as SSN,
financial data or personally
identifiable data could result in data
inconsistency.
• Innocent data entry errors could
result in inconsistency in spellings,
which could make accurate
reporting, or standard searches
impossible.
3. Espionage Espionage is the covert act of • Espionage could be conducted by
Significantly impacts spying through copying, foreign governments through
data confidentiality, reproducing, recording, technical means, such as electronic
but combined with photographing, interception, bugs and wire taps.
other threats could etc., to obtain information. • Foreign government could recruit
impact data integrity an agent inside the target agency by
and availability. either bribing or blackmailing an
employee.
• Companies could encourage
employees to take positions in CMS
to provide those companies with a
constant supply of information.
• Legitimate business agreements,
such as licensing and on-site liaison
officers or contractors could be used
to provide unauthorized
opportunities to gather information.

419743803.doc Last printed

 4. Impersonation Impersonations are threats that • Sharing of badges, key cards, and
often become enablers for PINs could provide an employee or
Could significantly other threats. Impersonation cardholder with unauthorized access
impact data for physical access could to sensitive information.
confidentiality, and to a include misuse of badges, key • Forged documents could form the
lesser extent data cards, personal Identification basis for data entry, modification, or
integrity and numbers (PIN), etc. deletion.
availability. Impersonation for electronic or • Social engineering such as tricking
system access could include employees into revealing passwords
use of others’ identification or other information can
and authentication information compromise a target system’s
in an attempt to gain system security.
privileges and access to system
resources.
5. Improper Disposal Improper Disposal of Sensitive • Searching for residual data left in
of Sensitive Media Media is the discarding of a computer, computer tapes, and
Primarily affects information improperly which disks after job execution could
confidentiality, but in could result in compromise of compromise that data.
combination with other sensitive information. • Disposing of previously owned
threats could impact client PCs that contain sensitive and
integrity and unclassified information could reveal
availability. sensitive data.
• Readable data can be retrieved
from hard copies, wastepaper
baskets, magnetic tapes, or discarded
files resulting in compromise of that
data.
6. Inadvertent Acts or Inadvertent acts or carelessness • Programming and development
Carelessness are unintentional acts that errors result in software
could cause system vulnerabilities. Successful
Could significantly performance degradation or compromise could lead to loss of
impact data system loss. data confidentiality, integrity, and
confidentiality, availability.
integrity, and • Incorrect operations of database
availability. synchronization procedures could
result in data errors, including entry,
deletion, and corruption errors.
• Improper upgrades to database
management software could result in
vulnerabilities that could impact data
confidentiality, integrity, and
availability.
• Programming and development
errors could cause a buffer overflow.
This leaves the system exposed to
security vulnerabilities.

419743803.doc Last printed

 • Installation, upgrade and
maintenance errors could leave data
unprotected or overly exposed to
security vulnerabilities.
• Failure to disable or delete
unnecessary accounts (network,
Internet, and voice), such as guest
accounts, and terminated employees
could result in unauthorized access
to sensitive data.
• Failure to recover terminated
employees’ card keys and door keys
could provide unauthorized access to
system and data.
7. Labor Unrest Labor unrest is activities • The unavailability of key
Primarily affects the organized by employees personnel resources could disrupt
availability of the designed to halt or disrupt normal operations.
system. Could also normal operations such as • Employee refusals to carry out
affect confidentiality strike, walkout, and protest job work-related instructions or tasks
and integrity. action. could pose a threat to information
security if they refuse to close
vulnerability.
8. Omissions Omissions are nonmalicious • Failure to disable or delete
Primarily affects the threats that could affect system unnecessary accounts (network,
confidentiality, resources and the safeguards Internet, and voice), such as guest
integrity and that are protecting other accounts and employees that no
availability of the system resources. longer need access could provide
system. unauthorized access to system
resources.
• Failure to recover terminated
employees’ card keys and door keys
could provide unauthorized access.
• If the system administrator fails to
perform some function essential to
security, it could place a system and
its data at risk of compromise.
9. Procedural Procedural violation is the act • Refusal to carry out work related
Violation of not following standard instructions or tasks, such as the
Primarily affects instructions or procedures, refusal to remove a User ID and
availability of the which could be either logon access of an employee
system. intentional or unintentional. terminated for cause could place a
system and data at risk of
compromise.
• Unintentional failure to carry out
work-elated instructions or tasks,
such as the failure to test a backup

419743803.doc Last printed

 tape to determine whether or not the
backup was successful could place
data at risk of loss.
10. Riot/Civil Riot/civil is a violent • The unavailability of key
Disorder disturbance created by and personnel resources could affect
Primarily affects the involving a large number of system availability.
availability of the people, often for a common • The refusal to carry out work-
system. purpose or over a significant related instructions or tasks could
event. affect data availability.
• Employees might not be able to
reach the workplace to ensure data
protection.
11. Scavenging Scavenging is the searching • Searching for residual data left in
Primarily affects through object residue to a computer, computer tapes, and
confidentiality. acquire sensitive data. disks after job execution could
compromise that data.
• Examining discarded or stolen
media could reveal sensitive data.
12. Shoulder Surfing Shoulder Surfing is the • Housekeeping staff could observe
deliberate attempt to gain the entry of sensitive information.
Primarily impacts data knowledge of protected • Failure to protect a UserID and
confidentiality, but in information from observation. Password from observation by others
combination with other The unauthorized disclosure of during logon could allow
threats could impact protected information leads to unauthorized users to capture
integrity and information misuse (identity sensitive information.
availability. theft), or such information • Visitors could capture employee’s
could be used to gain passwords and other sensitive
additional access or information left unprotected on
information. desktops.
• Allowing remote dial-up access to
networks or systems from off-site
locations could disclose an agency’s
dial-up access phone number, user
account, password, or log-on
procedures.
• Personal standalone workstations
could be unprotected.
13. Terrorism Terrorism is a deliberate and Terrorism is a constant danger as
Primarily affects violent act taken by an illustrated by the following attacks:
confidentiality, individual or group whose • September 11, 2001 attacks.
integrity and motives go beyond the act of • Bomb threats/attempts e.g. 1998
availability. sabotage, generally toward Embassy bombings, 1993 World
some extreme political or Trade Center Bombing.
social sentiment. • Biological attack e.g. post
September 11, 2001 anthrax attack.
• Cyber terrorism or information

419743803.doc Last printed

 warfare. For example, Hackers
broke into the U.S. Justice
Department's web site and replaced
the department's seal with a
swastika, redubbed the agency the
"United States Department of
Injustice" and filled the page with
obscene pictures. Also, in December
2001, computer hackers tapped into
WebCom, one of the nation's largest
worldwide web service providers on
the Internet, and removed more than
3,000 sites for 40 hours, many of
them retailers trying to capitalize on
the Christmas rush.
14. Theft, Sabotage, Theft, sabotage, vandalism, or • Disgruntled employees could
Vandalism, or physical intrusions are create both mischief and sabotage of
Physical Intrusions deliberate malicious acts that system data.
Could significantly could cause damage, • Deletion or corruption of data
impact data integrity destruction, or loss of system could occur through acts of
and availability, and to assets. Such an act could also vandalism.
a lesser extent data enable other threats, such as • Logic bombs could destroy system
confidentiality. compromise of interconnected data at a given time or under certain
systems. circumstances.
• Sensitive data could be captured
through application vulnerabilities,
and held hostage.
• Cleaning staffs/vendors could
have access to sensitive information.
• Disgruntled employees could
sabotage a computer system by
installation of software that could
damage the system or the data.
• Destruction of hardware or
facilities could destroy data that
might not be recovered.
• Computer abuse such as
intentional and improper use,
alteration and disruption could result
in loss of system assets.
• Cleaning staffs/vendors or
contractors could steal unsecured
sensitive information.
15. User Abuse or User abuse or Fraud addresses • Users could browse systems and
Fraud authorized users who abuse applications in search of specific
Could significantly their assigned access privileges data or characteristics.

419743803.doc Last printed

 impact data or rights to gain additional • Use of information (password) as
confidentiality, information or privileges. an indirect aid for subsequent
integrity, and misuse, including unauthorized
availability. access could compromise data
security.
• Information (Social Security
numbers) could be used as a direct
aid for illegal purposes, including
identity theft.
• A user could engage in excessive
use of an Information System asset
for personal means (e.g., games,
resumes, personal matters).
• The opening of an unprotected
port on a firewall could provide
unauthorized access to information.
16. Other Threats…
(To be specified by
system owner or
developer.)

419743803.doc Last printed

 Technical Threats
Threats Descriptions Examples
1. Compromising Compromising emanations are • Radiation or signals that emanate
Emanations the unintentional data-related from a communications circuit could
Primarily affects or intelligence-bearing signals, disclose to unauthorized persons or
confidentiality. which, if intercepted and equipment the sensitive or
analyzed, could disclose proprietary information that is being
sensitive information being transmitted via the circuit.
transmitted and/or processed. • Use of an inductive amplifier on
unprotected cable could reveal
unencrypted data and passwords.
2. Corruption by Corruption by System, System • Failure of system
System, System Errors, or Failures addresses software/hardware could result in
Errors, or Failures corruption of a system by database failures leading to financial
Could impact another system, system errors loss.
confidentiality, that corrupt data, or system • Failure of application software
integrity, and failures that affect system could prevent users of these
availability of the operation. applications from performing some
system. or all of the tasks assigned to them
unless these tasks could be carried
out manually.
• Flawed designs, such as newly
discovered vulnerabilities not
addressed by requirements could
place system at risk of compromise.
• Faulty implementation, such as
inconsistency with design or new
bugs not covered by specifications
could allow compromise of data and
application.
3. Data/System Data/system contamination is • Data values that stray from their
Contamination the intermixing of data of field descriptions and business rules
Could significantly different sensitivity levels, could be revealed to unauthorized
impact data which could lead to an person.
confidentiality, and to a accidental or intentional • Anomalies and multiple account
lesser extent data violation of data integrity. numbers for the same entity could
integrity and allow unauthorized access to data.
availability. • Corrupted system files could
contain strings of sensitive
information.
• File fragments containing
sensitive information could be

419743803.doc Last printed

 scattered throughout a drive instead
of in an encrypted sector to protect
them from compromise.
• Cross-site scripting attacks (CSS)
could be launched by inserting
malicious tagging as an input into
dynamically generated web pages.
Malicious tagging could enable an
attacker to accomplish compromise
of data integrity, set and read
cookies, intercept user input and
execute malicious scripts by the
client in the context of the trusted
source. For example, Citibank
closed a CSS vulnerability identified
by De Vitry at the bank's C2IT.com
Internet payment site that enabled
attackers to grab users' credit card
and bank account information.
4. Eavesdropping Eavesdropping is the deliberate • Eavesdropping devices, such as
Could significantly attempt to gain knowledge of Electronic Bugs, could be used to
impact data protected information. The intercept sensitive, unencrypted data.
confidentiality, but unauthorized disclosure of For example, keystroke monitoring
combined with other protected information leads to could transmit every keystroke so
threats could impact information misuse (identity that all user input could be
data integrity and theft), or such information reproduced.
availability as well. could be used to gain • Trojan Horse applications could
additional access or surreptitiously capture user or
information. system activities.
• Use of an inductive amplifier on
unprotected cable could permit
unauthorized intercept of
transmission. These transmissions
could include sensitive information,
such as passwords, in the clear.
• Use of a Packet Sniffers could
permit unauthorized intercept of
transmission. These transmissions
could include sensitive information,
such as passwords over networks
(e.g., in telnet or ftp).
• Electromagnetic radiation from
standard computers could be used to
reconstruct the contents of the
computer screen. These signals
could carry a distance of several

419743803.doc Last printed

 hundred feet, and even further when
exposed cables or telephone lines
function as unintended antennas.
• Attackers could use offshore
hackers to break into Federal
computer systems and steal
protected information. The fact that
the attack could come from outside
the United States increases the
difficulty of protection.
5. Hardware / Hardware / Equipment Failure • Malfunction or failure of Central
Equipment Failure is the unexpected loss of Processing Unit (CPU) or other
Primarily affects the operational functionality of hardware could result in the loss of
integrity and any system hardware asset. system data.
availability of the • Faulty network components such
system. as hosts, routers and firewalls could
result in interruption of
communications between the
connected stations.
• Improper hardware maintenance
could allow a system crash to occur.
• Internal power disturbances could
result in loss of system data.
• Self-generated or other internal
interference could damage data or
interrupt system function.
6. Impersonation Impersonations are threats that • Sharing of badges, key cards, and
Could impact often become enablers for passwords could provide
confidentiality, other threats. Impersonation unauthorized access to sensitive
integrity and for physical access could information.
availability. include misuse of badges, key • Masquerading, such as
cards, personal Identification impersonation: false identity external
numbers (PIN), etc. to computer systems or playback and
Impersonation for electronic or spoofing attacks could result in
system access could include unauthorized access to sensitive
use of others’ identification data.
and authentication information • Social engineering, such as
in an attempt to gain system tricking employees into revealing
privileges and access to system passwords or other information
resources. could compromise a target system’s
security.
• Forged email messages could
reveal sensitive information.
7. Insertion of Insertion of Malicious Code or • Modification, insertion, or
Malicious Code or Software; or Unauthorized deletion of data or lines of code
Software; or Modification of a Database is could compromise data and/or

419743803.doc Last printed

 Unauthorized the malicious intent to change system.
Modification of a a system’s configuration • Unauthorized modification of
Database. without authorization by the database records could compromise
Could significantly addition or modification of data integrity and availability.
impact data code, software, database • Trojan Horse applications could
confidentiality, records, or information. The be installed through code and
integrity, and intent and impact could range software modifications. Some
availability. from subtle annoyances and examples are SubSeven Trojan,
inconveniences to catastrophic NetBus, BackOrifice, NetCat and
failures and outages. Deep Throat
• Logic bombs could be placed
within authorized software and
perform malicious system actions on
a given trigger event.
• Trap door functions could be
inserted into authorized code and
software.
• Improper database entries and
updates could be executed.
8. Installation Errors Installation errors are the • Poor installation procedures could
Could impact errors, which could occur as a leave data unprotected, e.g. built-in
confidentiality, of result poor installation security features of software
integrity and procedures. Installation errors, packages are not implemented.
availability of the whether hardware or software, • Failure to educate and prepare for
system. could undermine security installation and uninstallation
controls. methods could leave data
unprotected.
• Incorrect installation or a conflict
with another device that is
competing for the same resources
within the computer system could
impact system data and resource
availability.
• Installation of programs designed
by users for personal computers
could modify the system
initialization scripts and change the
configuration of a system allowing
unauthorized access to sensitive
data.
• Installation of patches and hot
fixes could modify the system
initialization scripts and change the
configuration of a system. This
could reset security settings and
place data at risk of compromise.

419743803.doc Last printed

 9. Intrusion or Intrusion or Unauthorized • Trojan Horses perform malicious
Unauthorized Access Access to System Resources is system actions in a hidden manner,
to System Resources gaining unauthorized access to including file modification, deletion,
Depending on the level system resources. The intent copying, or the installation of system
of intrusion and the could be malicious or backdoors. Some examples are
safeguards, the nonmalicious (e.g., curiosity SubSeven Trojan, NetBus,
intrusion or seeker) in nature. BackOrifice, and Deep Throat.
unauthorized access to • Trap Door (back door) attacks
system resources could could result in improper
impact confidentiality, identification and authentication,
integrity, and improper initialization or allocation,
availability. improper runtime validation or
improper encapsulation.
• Network worms, e.g. Code Red
worm, W32/Leaves worm, and
power worm could damage the
system and associated data.
• Authorization attacks, such as
Password cracking or Token hacking
could result in unauthorized access
and system/data compromise.
• Hotmail vulnerability– Microsoft
was informed on August 29, 1999, of
a weakness that allowed anyone to
read the inbox of any Hotmail user,
provided the username was known.
• In February 1998, hackers
launched an attack against the
Pentagon and MIT. In the attack
against MIT, hackers were able to
collect user names and passwords to
computers outside the network
through the use of a packet sniffer.
Details on the attack against the
Pentagon were not made available.
10. Jamming Jamming is the deliberate • Jamming the radio frequency
(Telecommunications) radiation, reradiation, or could produce electrical interference
Primarily affects the reflection of electromagnetic that prevents system operation.
availability of the energy, which could cause
system. communications degradation,
or total loss of the system.
11. Misrepresentation Misrepresentations of identity • Abuse of privileges such as
of Identity are threats that often become misuse of USERIDs and passwords
Could significantly enablers for other threats. could be used to gain unauthorized
impact data Misrepresentation for access to sensitive data.
confidentiality, and to a electronic or system access • Personal profile extraction could

419743803.doc Last printed

 lesser extent data could include use of others’ allow an unauthorized person to
integrity and identification and assume an otherwise authorized role.
availability. authentication information in • Forged documents and messages
an attempt to gain privileges could form the basis for costly
into system resources. business decisions.
• Social engineering, such as
tricking employees into revealing
passwords or other information that
provides access to an application
could compromise data security.
12. Misuse of Known Misuse of Known Software • User IDs, especially
Software Weaknesses Weaknesses is the deliberate root/administrator with no
Could impact act of bypassing security passwords or weak passwords for all
confidentiality, controls for the purpose of systems could allow unauthorized
integrity and gaining additional information access to the application and its data.
availability. or privileges. This weakness • Remote Procedure Call (RPC)
could be at the operating weaknesses in rpc.ttdbserverd
system, application or access (ToolTalk), rpc.cmsd (Calendar
control levels of a system. Manager), and rpc.statd could allow
root compromise. This affects
multiple Unix and Linux systems.
• IMAP and POP buffer overflow
vulnerabilities or incorrect
configuration could allow
compromise of data and application.
• Sendmail buffer overflow
weakness, pipe attacks and MIMEbo
could allow compromise at the root
level.
• Global file sharing and
inappropriate information sharing
via NFS and Windows NT ports
135-139 (445 in windows 2000) or
UNIX NFS exports on port 2049 as
well as Appletalk over IP with
Macintosh file sharing enabled,
could result in data compromise.
• The RDS security hole in the
Microsoft Internet Information
Server (IIS) could allow an attack to
damage or destroy the application
and its data.
13. Saturation of Saturation of communications • Denial of Service (DOS) and
Communications or or system resources is the Distributed Denial of Service
Resources condition in which a (DDOS) attacks, such as network
Could impact integrity component of a system has saturation attacks and bandwidth

419743803.doc Last printed

 and availability. reached its maximum traffic consumption attacks could result in
handling capacity. Saturation system/data unavailability.
of communications or system • Sendmail buffer overflow
resources is a threat that weakness, pipe attacks and MIMEbo
creates an unstable could allow compromise at the root
environment, which could level.
degrade communications
capabilities and/or consume
processor time (e.g., flooding
the buffer).
14. System and Auditing and logging of • Auditing and logging settings not
Application Errors, system and application errors properly configured at the system
Failures, and enable administrators to and application level could prevent
Intrusions not troubleshoot and safeguard tracking of malicious acts.
Properly Audited and performance issues, and • Intruders could gain unauthorized
Logged reconstruct events of system access and abort auditing
Could significantly unauthorized access. The lack processes.
impact data integrity of sufficient auditing and • If Audit logs reach their maximum
and availability. logging of System and threshold they could remove logged
Application Errors, Failures, data, or stop logging new data.
and Intrusions reduces these
capabilities.
15. Takeover of Takeover of Authorized • Network sessions could be
Authorized Session Session is gaining control of an compromised through session
Could significantly authorized session, and hijacking techniques.
impact data assuming the access rights of • When a user leaves the immediate
confidentiality, and to a the authorized party. This work area and a session remains
lesser extent data session could be used for open, unauthorized use could occur.
integrity and further unauthorized access. • Database communications could
availability. be captured, modified, and sent to
the original destination.
16. Tampering Tampering is an unauthorized • Web hacks could deface a web
Primarily affects the modification that alters the site, or disable the web server
integrity and proper functioning of functionality.
availability of the equipment in a manner that • Domain Name Service hacks
system. degrades the security could prevent authorized users from
functionality the asset properly accessing network or
provides. Internet resources.
17. Other Threats…
(To be specified by
system owner or
developer)

419743803.doc Last printed

419743803.doc Last printed
 Environmental / Physical Threats
Threats Descriptions Examples
1. Electromagnetic Electromagnetic Interference • Malfunctioning equipment:
Interference (EMI) (EMI) is the impact of signal Electromagnetic impulses and radio
Primarily affects the transmitters and receivers frequency interference (RFI) are
integrity and operating in proximity to a common causes of line noise. Line
availability of the CMS system, which could noise could cause corrupted data
system. cause an interruption in the transfers from a CPU to disk,
electronic operation of the printing errors, power supply
system. damage, and static on computer
monitor screens.
• EMI could cause an extended
power surge, over-stress power
supplies and lead to computer
equipment damage.
• EMI could cause a power failure,
disrupting network operation,
computer screens to go blank, and
servers to crash.
• Electromagnetic radiation from
standard computers could be used to
reconstruct the contents of the
computer screen. These signals
could carry a distance of several
hundred feet, and even further if
exposed cables or telephone lines act
as unintended antennas.
2. Environmental Environmental conditions are • Water leaks in server rooms could
Conditions controlled and noncontrolled cause equipment damage.
Primarily affects the climate conditions, which have • Both excess and insufficient
integrity and the potential to cause system humidity in the computer room
availability of the damage or degradation. This could threaten system reliability.
system. threat could be a result of the • Overheating in computer rooms
natural environment (extreme could result in computer failure and
heat, cold, humidity, etc.) or downtime.
faulty/poorly designed heating, • Poor ventilation and air
ventilation, and air conditioning failure in server rooms
conditioning systems. could cause mechanical parts, such
as disk drives containing data, to
fail.
• Air conditioning system failure
could impair utilization of the
building due to excessive heating,

419743803.doc Last printed

 cooling, or insufficient air exchange.
3. Hazardous Hazardous material accident is • Office cleaning materials with
Material Accident the unexpected spill of toxic flammable contents could cause a
Could impact system material. Hazardous materials fire or explosion if spilled or not
availability. are substances that are either kept at a specific temperature.
flammable, oxidizable or • Spilled chemicals could cause a
combustible, explosive, toxic, fire, releasing toxic smoke.
noxious, corrosive, an irritant • Chemical drain cleaners (also
or radioactive. called drain openers) are extremely
corrosive. Common ingredients in
drain cleaners include lye or sulfuric
acid. These chemicals work by
eating away materials including skin
if they should come in contact.
• Household ammonia is considered
to be an irritant rather than a
corrosive hazard. Vapors, even in
low concentrations, can cause severe
eye, lung, and skin irritation.
Chronic irritation may occur if
ammonia is used over long periods
of time.
• Solvents such as alcohols are
considered combustible because they
evaporate easily at room temperature
and can readily ignite given heat,
spark, or flame.
• Bleach, when mixed with
phosphoric acid cleaner, produces a
noxious gas with a strong odor.
4. Physical Cable Cuts A physical cable cut could be • A disgruntled employee could
Could affect system an intentional or unintentional sabotage transmission media
availability. event that affects the system’s • Animals could cause damages to
ability to perform its intended cables resulting in broken cables.
function. Depending upon the • Lightening strikes could cause a
power and communications structural fire, which could, in turn,
backups built into the system, burn out circuits resulting in a power
the effects could range from failure.
minimal to catastrophic. • Lightening strikes could cause a
structural fire, which could, in turn,
burn out circuits resulting in a power
failure.
• Lightening strikes could cause
severe damage resulting in broken
cables.

419743803.doc Last printed

 5. Power Fluctuation Power Fluctuation is a • A power outage could affect the
Could impact system disruption in the primary timeliness and quality of the
availability. power source (power spike, delivered service.
surge, brownout, and blackout) • Malfunction or failure of Central
that results in either Processing Unit (CPU) or hardware
insufficient or excessive could impact the timeliness and
power. quality of the delivered services.

6. Secondary Secondary disasters are • Spilled chemicals could cause a

Disasters successive disasters that are fire, releasing toxic smoke.
Could affect system likely to result from natural • Broken water pipes could cause
availability. disasters or environmental internal flooding.
conditions. Secondary • An earthquake could cause a
disasters could strike structural fire, which could, in turn,
communities at any time, with burn out circuits resulting in a power
or without warning. The failure.
probability of secondary
disasters should be anticipated.
7. Other Threats (To
be specified by system
owner or developer)

419743803.doc Last printed

 Natural Threats
Threats Descriptions Examples
1. Natural Disaster Natural disasters, such as • An internal/external fire could
Could impact system hurricanes, wind result in damage to system hardware
availability. damage/tornadoes, and facility.
earthquakes, and floods could • Internal/external flooding could
result in damage or destruction result in damage or destruction of
of system hardware or system hardware.
software assets. Any of these • Earthquakes are among the most
potential threats could lead to a deadly and destructive of natural
partial or total outage. hazards. They could be the direct
cause of injury or death to a person
responsible for security. They often
destroy power and telephone lines.
They could cause severe damage to
facilities.
2. Secondary Disaster Secondary disasters are • An earthquake could cause a
Primarily affects the successive disasters that are structural fire, which, in turn, could
availability of the likely to result from natural burn out circuits resulting in a power
system. disasters or environmental failure.
conditions. Secondary • Intense rains could cause flooding.
disasters could strike • Spilled chemicals could cause a
communities at any time, with fire.
or without warning. The • Broken water pipe could result in
probability of secondary internal flooding.
disasters should be anticipated.
3. Other Threats (To
be specified by system
owner or developer)

419743803.doc Last printed

Threat / Category Matrix

Confidentiality
Human Espionage
Impersonation
Improper Disposal of Sensitive Media
Inadvertent Acts or Carelessness
Omissions
Scavenging
Shoulder Surfing
Theft, Sabotage, Vandalism, or Physical Intrusion
User Abuse or Fraud

Technical
Compromising Emanations
Corruption by System, System Errors, or Failures
Data/System Contamination
Eavesdropping
Insertion of Malicious Code, Software, or Database
Modification
Installation Errors
Intrusion or Unauthorized Access to System Resources
Misrepresentation of Identity / Impersonation
Misuse of Known Software Weaknesses
Takeover of Authorized Session

Environmental None

Natural None

419743803.doc Last printed

Integrity
Human Data Entry Errors or Omissions
Inadvertent Acts or Carelessness
Omissions
Terrorism
Theft, Sabotage, Vandalism, or Physical Intrusions
User Abuse or Fraud

Technical Corruption by System, System Errors, or Failures

Data / System Contamination
Insertion of Malicious Code, Software, or Database Modification
Installation Errors
Intrusion or Unauthorized Access to System Resources
Hardware / Equipment Failure
Misuse of Known Software Weaknesses
Misrepresentation of Identity / Impersonation
Saturation of Communications or Resources
System and Application Errors, Failures, and Intrusions not Properly
Audited and Logged
Tampering

Environmental Electromagnetic Interference

Environmental Conditions

Natural None

419743803.doc Last printed

Availability
Human Arson
Espionage
Inadvertent Acts or Carelessness
Labor Unrest
Omissions
Procedural Violation
Riot / Civil Disorder
Terrorism
Theft, Sabotage, Vandalism, or Physical Intrusions
User Abuse or Fraud

Technical Corruption by System, System Errors, or Failures

Data / System Contamination
Hardware / Equipment Failure
Insertion of Malicious Code, Software, or Database Modification
Installation Errors
Intrusion or Unauthorized Access to System Resources
Jamming (telecom)
Misrepresentation of Identity / Impersonation
Misuse of Known Software Weaknesses
Saturation of Communications or Resources
System and Application Errors, Failures, and Intrusions not Properly
Audited and Logged
Tampering

Environmental Electromagnetic Interference

Environmental Conditions
Hazardous Material Accident
Physical Cable Cuts
Power Fluctuation

Natural Natural Disaster

Secondary Disaster

419743803.doc Last printed

Correlation of Threats to Categories

C = confidentiality I = integrity A = availability

Threat Area Environmental / Human Natural Technical
Physical
Arson A
Compromising Emanations C
Corruption by System, System C IA
Errors, or Failures
Data / System Contamination C IA
Data Entry Errors or Omissions I
Eavesdropping C
Electromagnetic Interference IA
Environmental Conditions IA
Espionage CA
Hardware / Equipment Failure IA
Hazardous Material Accident A
Impersonation C
Improper Disposal of Sensitive C
Media
Inadvertent Acts or Carelessness CIA
Insertion of Malicious Code, C IA
Software, or Database
Modification
Installation Errors C IA
Intrusion or Unauthorized C IA
Access to System Resources
Jamming (telecomm) A
Labor Unrest A
Misrepresentation of Identity C IA
Misuse of Known Software C IA
Weaknesses
Natural Disaster A
Omissions CIA
Physical Cable Cuts A
Power Fluctuation A
Procedural Violation A
Riot / Civil Disorder A
Saturation of Communications IA
or Resources
Scavenging C
Secondary Disasters A
Shoulder Surfing C
System and Application Errors, IA

419743803.doc Last printed

Failures, and Intrusions not
Properly Audited and Logged
Takeover of Authorized Session C
Tampering IA
Terrorism IA
Theft, Sabotage, Vandalism, or CIA
Physical Intrusions
User Abuse or Fraud CIA

419743803.doc Last printed