Top 10 Unauthorized Access Threats
1. Unauthorized use by an authorized user of system resources for which he or she lacks formal approval
2. Unauthorized access by former users whose accounts were not deleted on departure
3. Unauthorized use of system resources by individuals who have physical access to the resources but who are not authorized users of the resources
• Hacker penetrations of system resources
4. Undetected or uncorrected vulnerabilities that, when exploited, allow unauthorized access
5. Masquerading, which involves posing as an authorized user or program to gain access to system resources—for example, a program such as a Trojan horse may act like another program to gain information (e.g., logon passwords or information files), or an unauthorized user may impersonate a network control center user to request router passwords and filter definitions
6. Replay, which involves recording a stream of previously transmitted encrypted text, such as an encrypted logon sequence, and retransmitting the stream at a later time in place of the wiretapper’s own logon sequence
7. Unauthorized use of access or technology, including privileged access, for the purpose of subverting, modifying, or bypassing security mechanisms
8. Criminal or terrorist acts, including emanation interception for military or economic espionage and state-sponsored terrorism, as well as “physical destruction or vandalism, organized insider theft, armed robbery, or physical harm to personnel” (Krutz and Vines, 2001, p. 20)
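
The replay threat in item 6 works only when the logon bytes are the same in every session. The sketch below is an added example, not part of the original list: it contrasts a static logon token with a server-issued, single-use nonce, using HMAC-SHA256 as a stand-in for the encrypted logon sequence. The key, user name, and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret"  # constructed sample key, not a real credential


def static_login_token(user):
    """Logon message with no per-session input: identical bytes every time."""
    return hmac.new(KEY, user.encode(), hashlib.sha256).digest()


def client_response(user, nonce):
    """Logon message bound to the server's one-time challenge."""
    return hmac.new(KEY, nonce + user.encode(), hashlib.sha256).digest()


class StaticVerifier:
    def verify(self, user, token):
        return hmac.compare_digest(token, static_login_token(user))


class ChallengeVerifier:
    def __init__(self):
        self._pending = {}  # user -> outstanding nonce

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # pop() makes each nonce single use; no outstanding challenge means reject
        nonce = self._pending.pop(user, None)
        if nonce is None:
            return False
        return hmac.compare_digest(response, client_response(user, nonce))


def demo():
    # Static scheme: bytes recorded from one session are accepted again later.
    recorded = static_login_token("alice")
    static_replay_accepted = StaticVerifier().verify("alice", recorded)

    # Challenge-response: the recorded response matches only its own nonce.
    server = ChallengeVerifier()
    recorded = client_response("alice", server.challenge("alice"))
    legitimate_accepted = server.verify("alice", recorded)
    server.challenge("alice")  # a later session gets a fresh nonce
    replay_accepted = server.verify("alice", recorded)
    return static_replay_accepted, legitimate_accepted, replay_accepted


if __name__ == "__main__":
    print(demo())
```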






