T 0.31 Incorrect Use or Administration of Devices and Systems
Incorrect or improper use of devices, systems and applications may affect their security, especially when existing security measures are ignored or circumvented. This often leads to disruptions or failures. Depending on what types of devices or systems are used improperly, confidentiality and integrity of information may also be violated.
A particularly prominent special case of improper use is the improper administration. Errors in the installation, configuration, service and maintenance of hardware or software components can result in severe damage.
For example, too generously granted access rights, easy-to-guess passwords, inadequately protected data storage media containing backups or terminals not being blocked during a temporary absence can lead to security incidents.
In the same way, data can also be accidentally deleted or changed due to improper use of IT systems or applications. Confidential information can thus be available the public if, for example, permissions are set incorrectly.
If power or network cables are laid unprotected, they can be inadvertently damaged, which can cause an outage. A cable connection can be pulled out when staff or visitors stumble over it.