Cybersecurity Threats and Vulnerabilities: List Edition
An essential part of risk management is identifying and examining threats to better assist senior management with creating or updating security policies within the organization.
Below is a (live) list of possible threats to an organization. This can be used as an additional checklist to make sure virtually all areas contain safeguards where needed.
- Viruses
- Cascade errors
- Criminal activities by authorized users (espionage, IP theft, embezzlement, etc.)
- Movement (vibrations, jarring, etc.)
- Intentional attacks
- Reorganization
- Authorized user illness or epidemics
- Malicious hackers
- Disgruntled employees
- User errors
- Natural disasters
- Physical damage
- Misuse of data, resources, services
- Changes to data classification or security policies
- Compromises to data classification or security policies
- Government, political, or military intrusions, restrictions
- Processing errors (buffer overflows)
- Personnel privilege abuse
- Temperature extremes
- Energy anomalies (static, EM pulses, radio frequencies, power loss, power surge, etc.)
- Loss of data
- Information warefare
- Bankruptcy or alteration/interuption of business activity
- Coding/programming errors
- Intruders(physical or logical)
- Environmental factors (presence of gasses, liquids, organisms, etc.)
- Equipment failure
- Physical theft
- Social engineering
