Published: October 15, 2004 | Updated: March 15, 2006
This appendix lists threats likely to affect a wide variety of organizations. The list is not comprehensive, and, because it is static, will not remain current. Therefore, it is important that you remove threats that are not relevant to your organization and add newly identified ones to it during the Assessing Risk phase of your project. It is provided as a reference list and a starting point to help your organization get underway.
Table C.1: Common Threats
| High level description of the threat | Specific example |
| --- | --- |
| Catastrophic incident | Fire |
| Catastrophic incident | Flood |
| Catastrophic incident | Earthquake |
| Catastrophic incident | Severe storm |
| Catastrophic incident | Terrorist attack |
| Catastrophic incident | Civil unrest/riots |
| Catastrophic incident | Landslide |
| Catastrophic incident | Avalanche |
| Catastrophic incident | Industrial accident |
| Mechanical failure | Power outage |
| Mechanical failure | Hardware failure |
| Mechanical failure | Network outage |
| Mechanical failure | Environmental controls failure |
| Mechanical failure | Construction accident |
| Non-malicious person | Uninformed employee |
| Non-malicious person | Uninformed user |
| Malicious person | Hacker, cracker |
| Malicious person | Computer criminal |
| Malicious person | Industrial espionage |
| Malicious person | Government sponsored espionage |
| Malicious person | Social engineering |
| Malicious person | Disgruntled current employee |
| Malicious person | Disgruntled former employee |
| Malicious person | Terrorist |
| Malicious person | Negligent employee |
| Malicious person | Dishonest employee (bribed or victim of blackmail) |
| Malicious person | Malicious mobile code |