| Table A1 reference | Threats relating to "Unintended human actions" | Ref | Mitigation |
|---|---|---|---|
| 15.1 | Innocent victim (e.g. owner, operator or maintenance engineer) is tricked into taking an action to unintentionally load malware or enable an attack | M18 | Measures shall be implemented for defining and controlling user roles and access privileges, based on the principle of least access privilege |
| 15.2 | Defined security procedures are not followed | M19 | Organizations shall ensure security procedures are defined and followed including logging of actions and access related to the management of the security functions |
