Embezzlement, Skimming, and Related Fraud
- T1.2.2 - P2 - OWNERSHIP OF ASSETS
- T1.2.3 - P2 - ACCEPTABLE USE OF ASSETS
- T1.3.2 - P3 - LABELING OF INFORMATION
- T1.4.1 - P1 - MANAGEMENT OF REMOVABLE MEDIA
- T1.4.2 - P2 - DISPOSAL OF MEDIA
Use of Unapproved Hardware/Devices
- T1.3.1 - P3 - CLASSIFICATION OF INFORMATION
- M1.3.6 - P2 - ADDRESSING SECURITY WHEN DEALING WITH CUSTOMERS
- M1.1.3 - P1 - ROLES AND RESPONSIBILITIES FOR INFORMATION SECURITY
- M5.2.5 - P3 - PREVENTIONS OF MISUSE OF INFORMATION SYSTEM
- T1.1.1 - P2 - ASSET MANAGEMENT POLICY
- T1.2.1 - P2 - INVENTORY OF ASSETS
- T1.2.2 - P2 - OWNERSHIP OF ASSETS
- T1.2.3 - P2 - ACCEPTABLE USE OF ASSETS
- T1.3.3 - P3 - HANDLING OF INFORMATION ASSETS
- T2.3.4 - P3 - EQUIPMENT MAINTENANCE
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T3.3.2 - P3 - SYSTEM ACCEPTANCE AND TESTING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
Abuse of System Access/Privileges
- T4.4.1 - P4 - CONNECTIVITY TO INFORMATION SHARING PLATFORMS
- M4.4.3 - P1 - REMOVAL OF ACCESS RIGHTS
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T5.2.1 - P1 - USER REGISTRATION
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.5.2 - P1 - USER IDENTIFICATION AND AUTHENTICATION
- T7.6.4 - P2 - INFORMATION LEAKAGE
Retrieval of Recycled or Discarded Media
- M4.4.2 - P1 - RETURN OF ASSETS
- T1.1.1 - P2 - ASSET MANAGEMENT POLICY
- T1.2.1 - P2 - INVENTORY OF ASSETS
- T1.4.1 - P1 - MANAGEMENT OF REMOVABLE MEDIA
- T1.4.2 - P2 - DISPOSAL OF MEDIA
- T2.3.6 - P3 - SECURE DISPOSAL OR RE-USE OF EQUIPMENT
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T3.4.2
Equipment Failure
- T2.3.1 - P2 - EQUIPMENT SITING AND PROTECTION
- T2.3.4 - P3 - EQUIPMENT MAINTENANCE
- T3.2.1 - P2 - COMMON SYSTEMS CONFIGURATION GUIDELINES
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T3.3.2 - P3 - SYSTEM ACCEPTANCE AND TESTING
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.2 - P2 - AUDIT LOGGING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.6 - P3 - FAULT LOGGING
- T3.6.7 - P4 - CLOCK SYNCHRONIZATION
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T7.3.1 - P2 - INPUT DATA VALIDATION
- T7.3.2 - P2 - CONTROL OF INTERNAL PROCESSING
- T7.3.4 - P2 - OUTPUT DATA VALIDATION
- T9.2.1 - P3 - DEVELOPING INFORMATION SYSTEMS CONTINUITY PLANS
- T9.2.2 - P3 - IMPLEMENTATION INFORMATION SYSTEMS CONTINUITY PLANS
- T9.3.1 - P3 - TESTING, MAINTAINING AND RE-ASSESSING INFORMATION SYSTEMS CONTINUITY PLANS
Equipment Malfunction
- M3.3.2 - P3 - IMPLEMENTATION PLAN
- M3.3.3 - P2 - TRAINING EXECUTION
- M5.2.5 - P3 - PREVENTIONS OF MISUSE OF INFORMATION SYSTEM
- T1.2.2 - P2 - OWNERSHIP OF ASSETS
- T1.3.3 - P3 - HANDLING OF INFORMATION ASSETS
- T2.3.1 - P2 - EQUIPMENT SITING AND PROTECTION
- T3.2.2 - P3 - DOCUMENTED OPERATING PROCEDURES
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T3.3.2 - P3 - SYSTEM ACCEPTANCE AND TESTING
- T5.4.2 - P1 - USER AUTHENTICATION FOR EXTERNAL CONNECTIONS
- T3.6.2 - P2 - AUDIT LOGGING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.6 - P3 - FAULT LOGGING
- T3.6.7 - P4 - CLOCK SYNCHRONIZATION
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
- T9.2.1 - P3 - DEVELOPING INFORMATION SYSTEMS CONTINUITY PLANS
- T9.2.2 - P3 - IMPLEMENTATION INFORMATION SYSTEMS CONTINUITY PLANS
- T9.3.1 - P3 - TESTING, MAINTAINING AND RE-ASSESSING INFORMATION SYSTEMS CONTINUITY PLANS
Software Malfunction
- M3.3.2 - P3 - IMPLEMENTATION PLAN
- M3.3.3 - P2 - TRAINING EXECUTION
- T1.2.2 - P2 - OWNERSHIP OF ASSETS
- T3.2.1 - P2 - COMMON SYSTEMS CONFIGURATION GUIDELINES
- T3.2.2 - P3 - DOCUMENTED OPERATING PROCEDURES
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T3.3.2 - P3 - SYSTEM ACCEPTANCE AND TESTING
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.2 - P2 - AUDIT LOGGING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.6 - P3 - FAULT LOGGING
- T7.2.2 - DEVELOPER-PROVIDED STRATEGY
- T7.3.1 - P2 - INPUT DATA VALIDATION
- T7.3.2 - P2 - CONTROL OF INTERNAL PROCESSING
- T7.3.4 - P2 - OUTPUT DATA VALIDATION
- T7.5.1 - P4 - CONTROL OF OPERATIONAL SOFTWARE
- T7.5.3 - P3 - ACCESS CONTROL TO PROGRAM SOURCE CODE
- T7.6.2 - P3 - TECHNICAL REVIEW OF APPLICATIONS AFTER OPERATING SYSTEM CHANGES
- T7.6.3 - P2 - RESTRICTIONS ON CHANGES TO SOFTWARE PACKAGES
- T7.6.5 - P3 - OUTSOURCED SOFTWARE DEVELOPMENT
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
- T9.2.1 - P3 - DEVELOPING INFORMATION SYSTEMS CONTINUITY PLANS
- T9.2.2 - P3 - IMPLEMENTATION INFORMATION SYSTEMS CONTINUITY PLANS
- T9.3.1 - P3 - TESTING, MAINTAINING AND RE-ASSESSING INFORMATION SYSTEMS CONTINUITY PLANS
Error in Use
- M3.3.1 - P1 - TRAINING NEEDS
- M3.3.2 - P3 - IMPLEMENTATION PLAN
- M3.3.3 - P2 - TRAINING EXECUTION
- M3.4.1 - P2 - AWARENESS CAMPAIGN
- M5.2.5 - P3 - PREVENTIONS OF MISUSE OF INFORMATION SYSTEM
- T3.2.2 - P3 - DOCUMENTED OPERATING PROCEDURES
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.6 - P3 - FAULT LOGGING
Use of Counterfeit or Copied Software
- T1.2.2 - P2 - OWNERSHIP OF ASSETS
- T3.2.4 - P2 - SEGREGATION OF DUTIES
- T3.2.5 - P2 - SEPARATION OF DEVELOPMENT, TEST AND OPERATIONAL FACILITIES
- M3.3.2 - P3 - IMPLEMENTATION PLAN
- T7.3.1 - P2 - INPUT DATA VALIDATION
- T7.3.2 - P2 - CONTROL OF INTERNAL PROCESSING
- T7.3.4 - P2 - OUTPUT DATA VALIDATION
- T7.5.1 - P4 - CONTROL OF OPERATIONAL SOFTWARE
- T7.6.3 - P2 - RESTRICTIONS ON CHANGES TO SOFTWARE PACKAGES
- T7.6.5 - P3 - OUTSOURCED SOFTWARE DEVELOPMENT
Misappropriation of Private Knowledge
- M3.3.2 - P3 - IMPLEMENTATION PLAN
- M3.3.3 - P2 - TRAINING EXECUTION
- M3.4.1 - P2 - AWARENESS CAMPAIGN
- T1.3.1 - P3 - CLASSIFICATION OF INFORMATION
- T1.3.2 - P3 - LABELING OF INFORMATION
- T1.4.1 - P1 - MANAGEMENT OF REMOVABLE MEDIA
- T1.4.2 - P2 - DISPOSAL OF MEDIA
- T2.2.1 - P2 - PHYSICAL SECURITY PERIMETER
- T2.2.2 - P2 - PHYSICAL ENTRY CONTROLS
- T2.2.3 - P2 - SECURING OFFICES, ROOMS AND FACILITIES
- T2.2.5 - P3 - WORKING IN SECURE AREAS
- T2.2.6 - P3 - PUBLIC ACCESS, DELIVERY AND LOADING AREAS
- T2.3.6 - P3 - SECURE DISPOSAL OR RE-USE OF EQUIPMENT
- T2.3.8 - P2 - UNATTENDED USER EQUIPMENT
- T4.2.3 - P3 - PHYSICAL MEDIA IN TRANSIT
- T4.3.1 - P2 - ELECTRONIC COMMERCE
- T4.3.3 - P4 - PUBLICLY AVAILABLE INFORMATION
- T4.4.1 - P4 - CONNECTIVITY TO INFORMATION SHARING PLATFORMS
- T4.4.2 - P4 - INFORMATION RELEASED INTO INFORMATION SHARING COMMUNITIES
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.7.1 - P4 - ACCESS CONTROL FOR MOBILE DEVICES
- T5.7.2 - P4 - TELEWORKING
Inappropriate Web/Internet Usage
- M3.4.1 - P2 - AWARENESS CAMPAIGN
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T4.3.1 - P2 - ELECTRONIC COMMERCE
- T5.4.6 - P3 - NETWORK ROUTING CONTROL
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.2 - P2 - SECURITY OF NETWORK SERVICES
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.4.2 - P1 - USER AUTHENTICATION FOR EXTERNAL CONNECTIONS