G 0.35 Coercion, Extortion, or Corruption

Coercion, extortion, or corruption can compromise the security of information or business processes. By threatening violence or other disadvantages, an attacking person can attempt to force the victim to disregard security policies or circumvent security measures (coercion).

Instead of threatening, attackers can also deliberately offer money or other benefits to turn employees or other people into instruments for security violations (corruption). For example, there is a risk that employees who can be bribed will pass confidential documents to unauthorized persons.

Through coercion or corruption, all fundamental values of information security can potentially be compromised. Attacks can aim, among other things, to channel confidential information to unauthorized persons, manipulate business-critical information, or disrupt the smooth operation of business processes.

Particular danger exists when such attacks are directed at senior executives or people in positions of special trust.