Behaviors and Events Cluster

Sabotage

#sabotage#sabotage insider risk#sabotage insider threat
Core BoK™ Definition

Sabotage is intentional disruption, damage, degradation, deletion, or manipulation of systems, data, facilities, operations, or business processes.

Plain-Language Meaning

Sabotage is intentional disruption, damage, degradation, deletion, or manipulation of systems, data, facilities, operations, or business processes.

Why it Matters for Insider Risk Exposure

1

Helps define a common event type for use cases, controls, and investigations.

2

Connects business impact to access, data, monitoring, and evidence.

3

Supports internal linking from case studies, procedures, and metrics.

Real-World Scenarios / Examples

  • File deletion
  • system misconfiguration
  • logic bombs
  • equipment damage
  • data corruption

Common Mistakes / Misconceptions

  • Publishing detailed abuse methods.
  • Using one behavior alone to determine intent.
  • Ignoring business justification and authorization context.

Insider Risk Capability Framework™ (IRCF™) Alignment

Strong alignment with Monitoring, Analysis, Investigation, Data Protection, IAM, and Risk Management and Reporting.

Explore Capability Pillars

Want a Tailored Assessment?

Quantify your firm's actual exposure based on the canonical IRCF™ capability criteria. Let ITMG® audit access permissions, identity flows, and data storage scopes.

Request Guided Exposure Assessment

Manage Exposure with RiskTKO®

Automate real-world risk, alert, and incident metrics. RiskTKO® acts as the software nerve center, translating raw telemetry into actionable exposure metrics.

Request Platform Demo