[A.6] Abuse of access privileges

Types of assets:

·         [D] data / information

·         [keys] cryptographic keys

·         [S] services

·         [SW] software

·         [HW] computer equipment (hardware)

·         [COM] communication networks

Dimensions:

1.   [C] confidentiality

2.   [I] integrity

3.   [A] availability

Description:

Each user enjoys a level of privileges for a specific purpose. When users abuse their privilege level to carry out tasks that are not their responsibility, there are problems.

See:

EBIOS: 39 - ABUSE OF RIGHTS