Threats can be categorised in the following ways:
Technology weaknesses: These are weaknesses intrinsic to a technology, software or hardware, and are a result of compromised design, development, manufacturing or scalability. These weaknesses are common in most software and, less frequently, hardware platforms.
Configuration weaknesses: These are weaknesses that result from configuration that does not adequately address the requirements of a secure network. Possible causes include a lack of knowledge or experience among the technicians doing the configuration, poorly implemented change management, deliberate actions, or poor coding practices.
Policy weaknesses: These are weaknesses in the governance and application of security protocols, processes and procedures. Possible causes include a lack of relevant documented security policies, insufficient management support of policies, inadequately written policies or contradictions within policy frameworks.
Human weaknesses: These are weaknesses caused by human error and can often overlap with, or cause, technology, configuration or policy weaknesses. Examples of human weaknesses include lack of knowledge to perform a task, rushing to meet deadlines, deliberate actions, social engineering or idealism.