Resource summary
Taxonomy of Operational Cyber Security Risks
- 1. Actions of People
- 1.1 Inadvertent
- 1.1.1 Mistakes
- 1.1.2 Errors
- 1.1.3 Omissions
- 1.2 Deliberate
- 1.2.1 Fraud
- 1.2.2 Sabotage
- 1.2.3 Theft
- 1.2.4 Vandalism
- 1.3 Inaction
- 1.3.1 Skills
- 1.3.2 Knowledge
- 1.3.3 Guidance
- 1.3.4 Availability
- 2. Systems and Technology Failures
- 2.1 Hardware
- 2.1.1 Capacity
- 2.1.2 Performance
- 2.1.3 Maintenance
- 2.1.4 Obsolescence
- 2.2 Software
- 2.2.1 Compatibility
- 2.2.2 Configuration management
- 2.2.3 Change control
- o de la union, nov 2017 (elizabeth garcia)
- 2.2.4 Security settings
- 2.2.5 Coding practices
- 2.2.6 Testing
- 2.3 Systems
- 2.3.1 Design
- 2.3.2 Specifications
- 2.3.3 Integration
- 2.3.4 Complexity
- 3. Failed Internal Processes
- 3.1 Process design or execution
- 3.1.1 Process flow
- 3.1.2 Process documentation
- 3.1.3 Roles and responsibilities
- 3.1.4 Notifications and alerts
- 3.1.5 Information flow
- 3.1.6 Escalation of issues
- 3.1.7 Service level agreements
- 3.1.8 Task hand-off
- 3.2 Process controls
- 3.2.1 Status monitoring
- 3.2.2 Metrics
- 3.2.3 Periodic review
- 3.2.4 Process ownership
- 3.3 Supporting processes
- 3.3.1 Staffing
- 3.3.2 Funding
- 3.3.3 Training and development
- 3.3.4 Procurement
- 4. External Events
- 4.1 Disasters
- 4.1.1 Weather event
- 4.1.2 Fire
- 4.1.3 Flood
- 4.1.4 Earthquake
- 4.1.5 Unrest
- 4.1.6 Pandemic
- 4.2 Legal issues
- 4.2.1 Regulatory compliance
- 4.2.2 Legislation
- 4.2.3 Litigation
- 4.3 Business issues
- 4.3.1 Supplier failure
- 4.3.2 Market conditions
- 4.3.3 Economic conditions
- 4.4 Service dependencies
- 4.4.1 Utilities
- 4.4.2 Emergency services
- 4.4.3 Fuel
- 4.4.4 Transportation