Quiz Entry - updated: 2026.07.14
What are the five main categories of threats to information security?
The five threat categories are: deliberate manipulation, human misbehavior, organizational weaknesses, technical failures, and force majeure.
* The five threat categories — deliberate manipulation, human misbehavior, organizational weaknesses, technical failures, force majeure. *
| Category | Nature | Examples |
|---|---|---|
| Deliberate manipulation | Intentional attacks | Hacking, DDoS, malware, eavesdropping |
| Human misbehavior | Unintentional human errors | Negligence, ignorance, gullibility |
| Organizational weaknesses | Process/management gaps | Missing policies, unclear responsibilities |
| Technical failures | System/component failures | Misconfigurations, unpatched software, broken monitoring |
| Force majeure | Uncontrollable external events | Natural disasters, fire, war |
Key insight: Security programs must address ALL five categories. Many organizations focus only on deliberate attacks (technical controls) while neglecting human factors, organizational processes, and disaster preparedness.
How controls map:
- Deliberate manipulation → Technical & detective controls
- Human misbehavior → Awareness training & process controls
- Organizational weaknesses → Governance & management controls
- Technical failures → Maintenance & configuration management
- Force majeure → Business continuity & disaster recovery
Go deeper:
Threat (computer security) (Wikipedia EN) — how threats are defined and classified, and how they relate to vulnerabilities and risk.