incident-subtype-vocab

Embezzlement (F.1)

The fraudulent appropriation of the organization’s property (financial or otherwise) by someone who has been entrusted with its possession

Corruption (F.2)

Conflict of interest, bribery, illegal gratuities, and economic extortion

False Statements (F.3)

Knowingly and willfully making false or fraudulent statements, or concealing information

Virtual (S.1)

Taking malicious actions through technical means to disrupt or stop an organization’s normal business operations

Physical (S.2)

Taking deliberate actions aimed at harming an organization’s physical infrastructure (e.g., facilities or equipment)

Intellectual Property Theft (E.1)

Theft or robbery of an individual’s or organization’s ideas, inventions, or creative expressions, including trade secrets and proprietary products, even if the concepts or items being stolen originated from the insider

Government (E.2)

Covert intelligence-gathering activities to obtain government or military secrets for the benefit of another government to obtain political or military advantage

Workplace Violence (V.1)

Any action or threat of physical violence, harassment, sexual harassment, intimidation, bullying, offensive jokes, or other threatening behavior by a co-worker or associate that occurs in a person’s place of employment or while a person is working

Self Harm (V.2)

An incident where an insider attempts, or indicates a desire to attempt, self harm or suicide

Negligence (U.1)

Threat caused by carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating risk for the organization

Accidental (U.2)

An incident of this type results from an insider mistakenly causing an unintended risk to an organization