Security Threats Taxonomy


The list of security threats has been developed as part of the available templates for

This list has been curated for a variety of different sources, and focuses on cyber security threats to technology. Threats associated to Physical or Environmental factors have been consolidated, as these are anticipated to require less consideration for most patterns.

It’s important to note that the purpose of this list is to facilitate identification and categorisation of threats within security patterns. Other lists such as MITRE CAPEC and OWASP are still relevant, but provide a much more detailed analysis of threats than what is required for security patterns.


Security Threat List

Threat ID Threat Event Threat Detail
TE-01 Disaster or major events in the environment Lost of data or accessibility of IT infrastructure as result of fire, earthquake, flood, landslide, tsunamis or heavy winds
TE-02 Unfavourable climatic conditions Lost of data or accessibility of IT infrastructure as result of extensive temperature, humidity, pollution or dust
TE-03 Fraud Individual(s) engaged in deceptive or deceitful behaviour against another person or organisation intended to result in financial or personal gain
TE-04 Sabotage Individual(s) engaged in Deceptive or deceitful behaviour against another person or organisation to suffer some disadvantage
TE-05 Physical theft Individual(s) engaged gain physical access to a system or device through theft of the item such as mobile devices, storage media or IT equipment
TE-06 Unauthorized physical access or entry to premises Individual(s) exploit weakness in physical access of authorized staff to gain access to organizational facilities
TE-07 Coercion, extortion or blackmail Individual(s) covertly use force, threats of extortion or blackmail to compromise critical information systems and or gain physical access
TE-08 Warfare or terrorists attack Individual(s) or state based actors engaged in physical attack and harm against another person, organisation or country to compromise critical information systems and or gain physical access
TE-09 Accidental leaks or sharing of information due to human error or mishandling Authorized user inadvertently exposes critical or sensitive information through human error
TE-10 Leaks of information or data through applications flaws, misconfigured services or system errors. System inadvertently exposes or discloses critical or sensitive information within system, configuration or audit logs
TE-11 Disruption to information systems due to misconfiguration or maintenance errors Destruction or loss of system availability due to human error for misconfiguration or changes performed during maintenance
TE-12 Unintentional change of data within information system Mishandling of critical or sensitive information by authorized users
TE-13 Inadequate design and planning leading to improper deployment Loss of confidence in the application, system or platform due to poor deployment, configuration and potential for human error
TE-14 Inadequate workflows or processes leading to flaws in deployment Loss of confidence in the application, system or platform due to poor workflow or business process.
TE-15 Unintentional damages through security testing Loss of confidence in the stability or integrity of application, system or services due to security testing or attempted exploitation of vulnerabilities
TE-16 Unintentional destruction of records through mismanaged data repositories or storage Corrupted and incorrect data resulting in suboptimal services, loss of confidence in data storage or backups
TE-17 System failure or corruption of information systems, devices or media Physical failure or devices or defective data media Hardware failure of parts or components including loss of power supply or cooling
TE-18 Failure or disruption of network infrastructure, connectivity or communication links Physical failure of network infrastructure, devices, communication links including cable, wireless or mobile
TE-19 Failure within information systems due to disruption or unavailability of dependant external supply chains Failure in information systems due to dependencies on external software packages, components or external service providers that may be disrupted or destroy supply chain.
TE-20 Interception of information due to publicly accessible insecure or rouge remote access points Gain unauthorised access into information systems via rouge or misconfigured network services such as WIFI, VPN or Remote Desktop services
TE-21 Network reconnaissance and information gathering Utilise information systems or networks infrastructure to collect or sniff network traffic
TE-22 Session hijacking Gain access to information systems or networks for the express purpose of taking control or hijacking a legitimate session between two entities
TE-23 Man in the middle attack or network traffic modification Intercept or eavesdrop on sessions to capture, manipulate or replay messages between two entities
TE-24 Identity theft Adversary impersonates users or privileged users through fraudulent or stolen credentials or digital certificates
TE-25 Generation of false identities Adversary exploits weakness in identity systems allowing generation of rogue credentials or digital certificates used to masquerade or impersonate users or system services
TE-26 Abuse of resources through misconfiguration Exploit of poorly configured information systems to conduct unauthorized activities or configuration changes
TE-27 Exploit hardware or platform vulnerabilities Trusted applications or services are compromised by underlying platforms through bios exploits, firmware exploits or rootkits
TE-28 Infection from malware, worms or trojans Trusted applications or services are compromised through malware infection, worms or trojans
TE-29 Web application attacks or code injection attack Trusted applications or services are compromised through web application attacks or code injection attack
TE-30 Rogue software masquerading as trusted application Rogue software, spyware or adware that masquerades as trusted applications or services
TE-31 Unauthorized changes or manipulation of application functionality or code Manipulation of code or application functionality resulting in loss of confidence and integrity in trusted applications or services.
TE-32 Social engineering or phishing attacks Adversary counterfeits communications from a legitimate or trustworthy source with the intent of persuading or tricking individuals to expose sensitive information
TE-33 Receive of unsolicited e-mail Adversary delivers unsolicited infected e-mails or SPAM with the intent of compromising the information systems used by individuals
TE-34 Violate isolation in multi-tenant environment Adversary circumvents isolation mechanisms within a multi-tenant environment to observe, compromise or deny service to collocated tenants
TE-35 Lack of security insights, monitoring or manipulation of audit log integrity Manipulation of audit event data or inability to capture and audit actions, events or activities. This effects both integrity and non-repudiation of actions and events within information systems.
TE-36 Unauthorized changes or manipulation of information data records Corrupted or incorrect information within data records and storage, resulting in loss of confidence and integrity in data
TE-37 Compromise of confidential information or data breach Exfiltration of critical or sensitive information resulting in data breach
TE-38 Destruction of records through malicious user or malware infection Intentional loss of availability to critical or sensitive information via malicious insider or ransomware
TE-39 Distributed Denial of service (DDoS) across network layers Manipulation of network layers for protocol exploitation, crafting malformed packets, network traffic flooding or spoofing
TE-40 Distributed Denial of service (DDoS) across application services Manipulation of web and application layers including manipulation of application parameter or arguments, session or HTTP/S protocol.
TE-41 Brute force attempts on user or system accounts Brute force attempts for accessing credentials to timeout or lock accounts used by application or system services
TE-42 Denial of service on hosting platform or system services Exhaustion of underlying hosting platform memory or computing resources