
Elementary Threats

The BSI IT-Grundschutz catalogue defines 47 elementary threats — from fire to malware to social engineering. Each threat describes a damage scenario that can affect information assets. For every threat you will find a practice-oriented explanation with concrete examples and the ISO 27001 controls that mitigate it.

What are elementary threats?

Elementary threats are the basic building blocks of BSI IT-Grundschutz risk analysis. They describe generic damage scenarios independent of specific systems or applications. Each threat can be triggered deliberately (attack), accidentally (operational error) or by environmental influences (natural events) and affects one or more security objectives: confidentiality, integrity and availability.

In ISO 27001 risk treatment, these threats help you select the appropriate controls. Every threat page therefore links directly to the Annex A controls that address the respective risk.

All 47 threats

G 0.1 — Fire
G 0.2 — Unfavourable Climatic Conditions
G 0.3 — Water
G 0.4 — Contamination, Dust, Corrosion
G 0.5 — Natural Disasters
G 0.6 — Disasters in the Surroundings
G 0.7 — Major Events in the Surroundings
G 0.8 — Failure or Disruption of the Power Supply
G 0.9 — Failure or Disruption of Communication Networks
G 0.10 — Failure or Disruption of Supply Networks
G 0.11 — Failure or Disruption of Service Providers
G 0.12 — Electromagnetic Interference
G 0.13 — Interception of Compromising Emanations
G 0.14 — Information Gathering (Espionage)
G 0.15 — Eavesdropping
G 0.16 — Theft of Devices, Storage Media or Documents
G 0.17 — Loss of Devices, Storage Media or Documents
G 0.18 — Poor Planning or Lack of Adaptation
G 0.19 — Disclosure of Sensitive Information
G 0.20 — Information or Products from Unreliable Sources
G 0.21 — Manipulation of Hardware or Software
G 0.22 — Manipulation of Information
G 0.23 — Unauthorised Access to IT Systems
G 0.24 — Destruction of Devices or Storage Media
G 0.25 — Failure of Devices or Systems
G 0.26 — Malfunction of Devices or Systems
G 0.27 — Lack of Resources
G 0.28 — Software Vulnerabilities or Errors
G 0.29 — Violation of Laws or Regulations
G 0.30 — Unauthorised Use or Administration of Devices and Systems
G 0.31 — Incorrect Use or Administration of Devices and Systems
G 0.32 — Abuse of Permissions
G 0.33 — Loss of Personnel
G 0.34 — Attack
G 0.35 — Coercion, Extortion or Corruption
G 0.36 — Identity Theft
G 0.37 — Repudiation of Actions
G 0.38 — Misuse of Personal Data
G 0.39 — Malware
G 0.40 — Denial of Service
G 0.41 — Sabotage
G 0.42 — Social Engineering
G 0.43 — Replaying of Messages
G 0.44 — Unauthorised Entry into Premises
G 0.45 — Data Loss
G 0.46 — Loss of Integrity of Sensitive Information
G 0.47 — Harmful Side Effects of IT-Supported Attacks