G 0.18 Inadequate planning or failure to adapt

If organizational processes that serve directly or indirectly for information processing are not appropriately designed, this can lead to security problems. Even when each individual process step is executed correctly, damage often occurs because the process as a whole is defined incorrectly.

Another possible cause of security problems is dependencies on other processes that themselves have no obvious relationship to information processing. Such dependencies can easily be overlooked during planning and thereby trigger disruptions during operation.

Security problems can also arise when tasks, roles or responsibilities are not clearly assigned. Among other things, this can result in processes being delayed, security measures being neglected or regulations being disregarded.

A risk also exists if devices, products, procedures or other means of implementing information processing are not used properly. The selection of an unsuitable product, or weaknesses in, for example, the application architecture or network design, can lead to security problems.

Examples:

  • If maintenance or repair processes are not aligned with technical requirements, this can result in unacceptable downtime.
  • An increased risk from attacks on your own IT systems can arise if security requirements are not taken into account in the procurement of information technology.
  • If required consumables are not provided in a timely manner, IT processes dependent on them can stall.
  • Weaknesses can arise if unsuitable transmission protocols are selected when planning an IT procedure.

Information technology and the entire environment of an authority or company are constantly changing: employees leave or join, new hardware or software is procured, or a supplier goes bankrupt. If the necessary organizational and technical adjustments are not considered as a result, or are considered only insufficiently, threats can arise.

Examples:

  • Structural changes to the building modify existing escape routes. Because employees are not adequately informed, the building cannot be evacuated in the required time.
  • When transmitting electronic documents, care is not taken to use a data format that is readable by the receiving side.