T 3 Threat catalogue Human Error
T 3.1 Loss of data confidentiality or integrity as a result of user error
T 3.2 Negligent destruction of equipment or data
T 3.3 Non-compliance with IT security measures
T 3.4 Unauthorised connection of cables
T 3.5 Inadvertent damaging of cables
T 3.6 Hazards posed by cleaning staff or outside staff
T 3.7 Failure of the PBX due to operating errors
T 3.8 Improper use of the IT system
T 3.9 Improper IT system administration
T 3.10 Incorrect export of file systems under UNIX
T 3.11 Improper configuration of sendmail
T 3.12 Loss of data media during transfer
T 3.13 Passing on false or internal information
T 3.14 Misjudgement of the legal force of a fax
T 3.15 Improper use of answering machines - not to apply
T 3.16 Incorrect administration of site and data access rights
T 3.17 Incorrect change of PC users
T 3.18 Sharing of directories, printers or of the clipboard - not to apply
T 3.19 Storing of passwords for WfW and Windows 95 - not to apply
T 3.20 Unintentional granting of read access for Schedule+ - not to apply
T 3.21 Improper use of code locks
T 3.22 Improper modification of the registry
T 3.23 Improper administration of a DBMS
T 3.24 Inadvertent manipulation of data
T 3.25 Negligent deletion of objects - not to apply
T 3.26 Inadvertent sharing of the file system - not to apply
T 3.27 Improper time synchronisation
T 3.28 Inadequate configuration of active network components
T 3.29 Lack of, or unsuitable segmentation
T 3.30 Unauthorised private use of telecommuting workstations
T 3.31 Unstructured data organisation
T 3.32 Violation of basic legal conditions for the use of cryptographic procedures
T 3.33 Improper use of cryptomodules
T 3.34 Unsuitable configuration of the management system
T 3.35 Disabling the server while in operation
T 3.36 Misinterpretation of events
T 3.38 Errors in configuration and operation
T 3.39 Improper administration of the RAS system - not to apply
T 3.40 Inappropriate use of authentication services with VPNs
T 3.41 Improper use of VPN services
T 3.42 Insecure configuration of the VPN clients for remote access
T 3.43 Inappropriate handling of passwords
T 3.44 Carelessness in handling information
T 3.45 Inadequate checking of the identity of communication partners
T 3.46 Incorrect configuration of a Lotus Domino server
T 3.47 Error in the configuration of browser access to Lotus Notes - not to apply
T 3.48 Incorrect configuration of Windows computers
T 3.49 Incorrect configuration of Active Directory
T 3.50 Improper configuration of Novell eDirectory
T 3.51 Errors in the assignment of access rights in Novell eDirectory
T 3.52 Errors in the configuration of intranet client access to Novell eDirectory
T 3.53 Errors in the configuration of LDAP access to Novell eDirectory
T 3.54 Use of unsuitable data media for archiving
T 3.55 Violation of legal requirements regarding the use of archive systems
T 3.56 Incorrect integration of IIS into the system environment
T 3.57 Incorrect configuration of the operating system for IIS - not to apply
T 3.58 Incorrect configuration of IIS - not to apply
T 3.59 Inadequate knowledge of the latest security loopholes and test tools for IIS - not to apply
T 3.60 Incorrect configuration of Exchange Server
T 3.61 Incorrect configuration of Outlook
T 3.62 Incorrect configuration of the operating system for an Apache web server - not to apply
T 3.63 Incorrect configuration of an Apache web server - not to apply
T 3.64 Incorrect configuration of routers and switches
T 3.65 Incorrect administration of routers and switches
T 3.66 Incorrect character conversion on the use of z/OS
T 3.67 Inadequate or incorrect configuration of the z/OS operating system
T 3.68 Inadequate or incorrect configuration of the z/OS web server
T 3.69 Incorrect configuration of Unix System Services in z/OS
T 3.70 Insufficient z/OS system file protection
T 3.71 Incorrect system time on z/OS systems
T 3.72 Incorrect configuration of the z/OS security system, RACF
T 3.73 Incorrect use of the z/OS system functions
T 3.74 Inadequate protection of the z/OS system settings against dynamic changes
T 3.75 Inadequate control of the batch jobs in z/OS
T 3.76 Errors during the synchronisation of mobile devices
T 3.77 Insufficient acceptance of information security
T 3.79 Incorrect assignment of SAN resources
T 3.80 Errors during synchronisation of databases
T 3.81 Inappropriate use of security templates for Windows Server 2003 and higher
T 3.82 Incorrect configuration of VoIP middleware
T 3.83 Incorrect configuration of VoIP components
T 3.84 Incorrect configuration of the WLAN infrastructure
T 3.85 Impairment of fire protection compartmentalisations
T 3.86 Unregulated and careless use of printers, copiers, and all-in-one devices
T 3.87 Improper configuration of directory services
T 3.88 Errors in the assignment of access rights
T 3.89 Errors in the configuration of LDAP access to directory services
T 3.90 Incorrect administration of VPNs
T 3.91 Failure of the VPN connections due to operating errors
T 3.92 Misjudging the relevance of patches and changes
T 3.93 Incorrect handling of defective data media
T 3.94 Incorrect configuration of the Samba communication protocols
T 3.95 Incorrect configuration of the operating system of a Samba server
T 3.96 Incorrect configuration of a Samba server
T 3.98 Loss of BitLocker-encrypted data
T 3.99 Incorrect network connections of a virtualisation server
T 3.100 Improper use of snapshots of virtual IT systems
T 3.101 Improper use of guest tools in virtual IT systems
T 3.102 Improper time synchronisation on virtual IT systems
T 3.103 Incorrect domain information
T 3.104 Incorrect configuration of a DNS server
T 3.105 Unapproved use of external services
T 3.106 Inappropriate behaviour when using the Internet
T 3.108 Incorrect configuration of Mac OS X
T 3.109 Inappropriate handling of FileVault encryption
T 3.110 Incorrect configuration of OpenLDAP
T 3.111 Inadequate separation of offline and online access to OpenLDAP
T 3.112 Unauthorised or incorrect use of images when using Windows DISM
T 3.114 Incorrect administration during logging