Taxonomy of Operational Cyber Security Risks

1. Actions of People
1. 1.1 Inadvertent
  1. 1.1.1 Mistakes
  2. 1.1.2 Errors
  3. 1.1.3 Omissions
2. 1.2 Deliberate
  1. 1.2.1 Fraud
  2. 1.2.2 Sabotage
  3. 1.2.3 Theft
  4. 1.2.4 Vandalism
3. 1.3 Inaction
  1. 1.3.1 Skills
  2. 1.3.2 Knowledge
  3. 1.3.3 Guidance
  4. 1.3.4 Availability
2. Systems and Technology Failures
1. 2.1 Hardware
  1. 2.1.1 Capacity
  2. 2.1.2 Performance
  3. 2.1.3 Maintenance
  4. 2.1.4 Obsolescence
2. 2.2 Software
  1. 2.2.1 Compatibility
  2. 2.2.2 Configuration management
  3. 2.2.3 Change control
    1. o de la union, nov 2017 (elizabeth garcia)
  4. 2.2.4 Security settings
  5. 2.2.5 Coding practices
  6. 2.2.6 Testing
3. 2.3 Systems
  1. 2.3.1 Design
  2. 2.3.2 Specifications
  3. 2.3.3 Integration
  4. 2.3.4 Complexity
3. Failed Internal Processes
1. 3.1 Process design or execution
  1. 3.1.1 Process flow
  2. 3.1.2 Process documentation
  3. 3.1.3 Roles and responsibilities
  4. 3.1.4 Notifications and alerts
  5. 3.1.5 Information flow
  6. 3.1.6 Escalation of issues
  7. 3.1.7 Service level agreements
  8. 3.1.8 Task hand-off
2. 3.2 Process controls
  1. 3.2.1 Status monitoring
  2. 3.2.2 Metrics
  3. 3.2.3 Periodic review
  4. 3.2.4 Process ownership
3. 3.3 Supporting processes
  1. 3.3.1 Staffing
  2. 3.3.2 Funding
  3. 3.3.3 Training and development
  4. 3.3.4 Procurement
4. External Events
1. 4.1 Disasters
  1. 4.1.1 Weather even
  2. 4.1.2 Fire
  3. 4.1.3 Flood
  4. 4.1.4 Earthquake
  5. 4.1.5 Unrest
  6. 4.1.6 Pandemic
2. 4.2 Legal issues
  1. 4.2.1 Regulatory compliance
  2. 4.2.2 Legislation
  3. 4.2.3 Litigation
3. 4.3 Business issues
  1. 4.3.1 Supplier failure
  2. 4.3.2 Market conditions
  3. 4.3.3 Economic conditions
4. 4.4 Service dependencies
  1. 4.4.1 Utilities
  2. 4.4.2 Emergency services
  3. 4.4.3 Fuel
  4. 4.4.4 Transportation

Next up

Taxonomy of Operational Cyber Security Risks

Description

Resource summary

Similar

	Created by elizabeth garcia about 6 years ago