| Human |
- Functions incorrectly
- Not present
- Not employed
|
Absence:
- Foreseeable (resignation, vacation)
- Unforeseen (illness, death, accident, strike) |
| |
Inadvertently acting erroneously:
- Ignorance, sloppiness
- Incorrect procedures
- Complex error-prone operation
- Careless handling of passwords
- Insufficient knowledge / trainingauthorizations |
| |
Intentionally acting incorrectly:
- Not working according to regulations / procedures
- Fraud / theft / leak of information
- Unauthorized access using the account of an employee with higher authorizations |
| |
|
|
| Equipment |
- Functions incorrectly
- Disturbs
- Is lost or seriously damaged
|
Spontaneous technical failure:
- Aging / wear
- Malfunction
- Design / manufacture / installation / maintenance errors |
| |
Technical failure due to external influences:
- Power failure
- Bad climate control
- Negligent maintenance due to cleaning
- Natural violence
- Theft / damage |
| |
Human action / failure:
- Installation error
- Wrong settings
- Operating errors
- Intentional adjustments / sabotage
- Damage / destruction
- Loss / theft (including loss of USB sticks or other data carriers)
- Removal of parts causing malfunctions |
| |
|
|
| Environment |
- Functions incorrectly
- Runs steady or delayed execution
- Is lost or seriously damaged
|
Negligent human actions:
- Design, programming, implementation, management / maintenance errors
- Introduction of viruses and the like by using non-screened programs
- Use of the wrong version of software
- Bad documentation |
| |
Unintentional human action:
- Errors due to incorrectly following procedures
- Installation of malware and viruses by using incorrect authorizations |
| |
Intentional human action:
- Manipulation before or after commissioning
- (Unauthorized) change of function and / or addition
- Installation of viruses, trojans and the like
- Hijacking of colleagues' authorizations
- Illegal copying of software
- Improper use or private use of company software |
| |
Technical errors / defects:
- Errors in software code that disrupt operation
- Back doors in software for (unauthorized) access
- Bugs / errors in code that can lead to exploits |
| |
Organizational errors:
- Supplier goes bankrupt
- No good agreements with supplier |
| |
|
|
| Data |
- Are unjustly accessible
- Are temporarily inaccessible
- Are lost
|
Via data carriers (CD / DVD / USB sticks / hard disk / backups / mobile devices):
- Theft / loss / leaks
- Damage due to incorrect treatment
- Non-matching file formats
- Incorrect or no encryption
- Incorrect or falsified |
| |
Via Cloud facilities:
- Unauthorized access (hackers / hosters)
- Unauthorized modification or deletion of data |
| |
Via equipment:
- Physical writing or reading errors
- Insufficient access restrictions to equipment
- Errors in internal memories
- Tapping of data |
| |
Via software:
- Incorrect or manipulated software
- Effect of viruses / malware
- Aborting processing |
| |
Through people:
- (Un)intentional erroneous data entry, change or deletion of data
- Unauthorized access by unauthorized persons
- Unauthorized copying of data
- Looking over the shoulder by unauthorized persons
- Careless destruction
- Not applying clear screen / clear desk
- Tapping of (wireless) network by unauthorized persons (teleworking situations)
- Improper use of authorizations
- Providing access to data through identity fraud or social engineering |
| |
|
|
| Software |
- Is accessible to unauthorized persons
- Is damaged
- Has been destroyed or seriously damaged
|
Housing:
- Unauthorized access to building(s)
- Theft at workplaces
- Defects in rooms, causing a risk of sneaking / burglary
- Insufficient physical facilities to escape or to intervene during violent threats / conflicts with customers |
| |
Utilities:
- Outage of power, water, telephone
- Flooding due to leakage or fire-extinguishing water
- Failure of light, climate and sprinkler installations |
| |
Outdoor events:
- Natural violence (flooding, lightning strike, storm, earthquake, etc.)
- Other violence (war, terrorism, arson, burglary, crashing plane)
- Blockade / strike
- Unsafe or blocked escape routes in case of fire |
| |
|
|
| Organization |
- Does not work according to established starting points
- Reorganizes
- Merges or is dissolved
|
User organization:
- Mismanagement
- Deficient assignment of duties, powers, responsibilities
- Unclear or missing codes of conduct
- Absent, obsolete or unclear manuals / system documentation / working procedures
- Insufficient internal control
- Insufficient testing on guidelines
- Insufficient or no contract management
- Missing or unclear SLAs
- Defective goal / means control |
| |
Management organization:
- Lack of management policy
- Insufficient knowledge or capacity
- Insufficient quality assurance
- Insufficient management of systems and resources |
| |
Development organization:
- Bad project management
- Not following project calendar or PPM
- No development guidelines and / or procedures
- No methods / techniques are used
- Lack of systematic work |
| |
|
|
| Service |
- Are not delivered as agreed
- Temporarily not deliverable
- Are definitively no longer delivered
|
Services are not delivered as agreed:
- Poorly trained staff
- Large staff turnover
- Insufficient capacity in staff
- False statements about certifications
- Insufficient or no quality assurance
- Personnel do not meet requirements such as a valid VOG and signed confidentiality statements
- Mismanagement, sloppiness in management activities
- Does not work in accordance with ITIL or BiSL principles
- Misuse of entrusted data, applications and documentation
- Does not adhere to segregation of duties
- Uses excessive authorizations that are not bound to the function |
| |
Service provider temporarily unavailable:
- Does not deliver services in accordance with the agreement
- Interruption of service due to takeover of the service provider
- Temporarily cannot perform services due to matters outside its own control (strikes and such)
- Applies wrong priorities in customer service
- Provides insufficient capacity for good service |
| |
Service provider's services are definitively no longer delivered:
- A service provider goes bankrupt
- Termination of services by service provider |