Page 113 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
remain relatively constant over time.

Be Alert for Individual Threats

Competition is often a key part of business growth, but overly
adversarial competition can increase the threat level from
individuals. In addition to criminal hackers and disgruntled
employees, adversaries, contractors, employees, and even trusted
partners can be a threat to an organization if relationships go sour.

Never assume that a consultant or contractor has the same
loyalty to your organization as a long-term employee.
Contractors and consultants are effectively mercenaries who
will work for the highest bidder. Don’t take employee loyalty for
granted either. Employees who are frustrated with their
working environment or feel they’ve been treated unfairly may
attempt to retaliate. An employee experiencing financial
hardship may consider unethical and illegal activities that pose
a threat to your business for their own gain.

A trusted partner is only a trusted partner as long as it is in
your mutual self-interest to be friendly and cooperative toward
each other. Eventually a partnership might sour or become
adversarial; then, your former partner might take actions that
pose a threat to your business.

Potential threats to your business are broad and varied. A company
faces threats from nature, technology, and people. Most businesses
focus on natural disasters and IT attacks in preparing for threats, but
it’s also important to consider threat potential from individuals.

Always consider the best and worst possible outcomes of your
organization’s activities, decisions, and interactions. Identifying
threats is the first step toward designing defenses to help reduce or
eliminate downtime, compromise, and loss.

Determining and Diagramming Potential Attacks

Once an understanding has been gained in regard to the threats facing

