Florida Center for Cybersecurity

Acts of Nature – Natural Disaster – earthquake, hurricane, storms, fire

Hazardous Conditions – Improper Configuration; Maintenance Issues; Chemical/HAZMAT

Dependency Failures – Service failures – e.g., improper inheritance, check execution or notifications failure, improper services or host dependency configuration; invalid time period

System and Environmental Failures – single point of failure (SPOF); lack of failure/safety prevention; lack of reliability assurance
Violent Acts of Man – terrorist attack; hostage situation; warfare

Errors and Omissions – negligent acts; unintentional or intentional exclusions; failure to act; failure to act without error or mistake; wrong conduct or wrong judgement

Insider Attack – malicious attack on a system, computer or network conducted by a member of the organization with authorized system access

Insider Abuse and Unauthorized Acts – insecure or harmful acts and conduct of a member of the organization with authorized system access

External Attack -- malicious attack on a system, computer or network conducted by a person or entity external to the organization who does not have authorized system access

Autonomous Systems and Malicious Code – exploitation of the routing policy of a network; code injection, scripts, executables, or any other code intended to cause undesired affects, security breaches or system damage

Physical Intrusion and/or Theft – successful attempt to gain unauthorized physical access; successful attempt to access, remove, destroy, or modify an asset

Legal and Administrative Action – action or decisions made by a system stakeholder, employee or agent, often of a legal nature and sometimes resulting in legal consequences

Cyber Threat Vectors include human attackers as well as other sources that could cause potential harm or damage to systems and assets.