Threat Table

Vulnerabilities
This table lists vulnerabilities likely to affect a wide variety of organizations. The list is not comprehensive and will not remain current. Therefore, it is important that you remove vulnerabilities that are not relevant to your organization and add newly identified ones to it during the risk assessment. It is provided as a reference list and a starting point to help your organization get underway.
Vulnerability Class | Vulnerability                  | Example
--------------------|--------------------------------|------------------------------------------------------------
Physical            | Unlocked doors                 |
Physical            | Unguarded access to computing facilities |
Physical            | Insufficient fire suppression systems |
Physical            | Poorly designed buildings      |
Physical            | Flammable materials used in construction |
Physical            | Flammable materials used in finishing |
Physical            | Unlocked windows               |
Physical            | Walls susceptible to physical assault |
Physical            | Interior walls do not completely seal the room at both the ceiling and floor |
Natural             | Facility located on a fault line |
Natural             | Facility located in a flood zone |
Natural             | Facility located in an avalanche area |
Hardware            | Missing patches                |
Hardware            | Outdated firmware              |
Hardware            | Misconfigured systems          |
Hardware            | Systems not physically secured |
Hardware            | Management protocols allowed over public interfaces |
Software            | Out-of-date software           | Out-of-date antivirus software
Software            | Out-of-date software           | Missing patches
Software            | Poorly written applications    | Cross-site scripting
Software            | Poorly written applications    | SQL injection
Software            | Poorly written applications    | Code weaknesses such as buffer overflows
Software            | Deliberately placed weaknesses | Vendor backdoors for management or system recovery
Software            | Deliberately placed weaknesses | Spyware such as keyloggers
Software            | Deliberately placed weaknesses | Trojan horses
Software            | Configuration errors           | Manual provisioning leading to inconsistent configurations
Software            | Configuration errors           | Systems not hardened
Software            | Configuration errors           | Systems not audited
Software            | Configuration errors           | Systems not monitored
Media               |                                | Electrical interference
Communications      |                                | Unencrypted network protocols
Communications      |                                | Connections to multiple networks
Communications      |                                | Unnecessary protocols allowed
Communications      |                                | No filtering between network segments
Human               | Poorly defined procedures      | Insufficient incident response preparedness
Human               | Poorly defined procedures      | Manual provisioning
Human               | Poorly defined procedures      | Insufficient disaster recovery plans
Human               | Poorly defined procedures      | Testing on production systems
Human               | Poorly defined procedures      | Violations not reported
Human               | Poorly defined procedures      | Poor change control
Human               |                                | Stolen credentials
Last printed 2/15/2016 2:36:00 PM