...
Vulnerability | Threat-source | Threat Action | Category of Harm | Likelihood | Impact | |||||
|---|---|---|---|---|---|---|---|---|---|---|
Impersonation in registration and/or transactions | Common Criminal, Identity Thief | Impersonation with intent to defraud using stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Low: general criminals won't have subject area expertise to discover a fraud opportunity and there are probably much more attractive targets | Low: impersonated parties would be likely to notice quickly and impact could be mitigated | |||||
Impersonation in registration and/or transactions | Disgruntled industry employee | Impersonation with intent to defraud or defameusing stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Moderate: industry an employee would have the means, but risk exposure is not significantly different in electronic transactions than it is in paper transactions | Low: impersonated parties would be likely to notice and impact could be mitigated | |||||
|
|
| Harm to agency programs or public interest |
|
| |||||
|
|
| Unauthorized release of sensitive information |
|
| |||||
|
|
| Civil or criminal violations |
| Impersonation in registration and/or transactions | Competitor | Impersonation using stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Low: a competitor might have an opportunity to profit from fraud, but risk exposure is not significantly different in electronic transactions than it is in paper transactions | Low: impersonated parties would be likely to notice and impact could be mitigated |
Repudiation to escape accountability | Customer (fisher or processor) | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation |
| Low: in most cases a customer who repudiated an e-signed document submission could then be prosecuted for failure to file the repudiated document | Low: agency might expend effort | ||||
|
|
| Financial loss or agency liability |
|
| |||||
|
|
| Harm to agency programs or public interest |
|
| |||||
|
|
| Unauthorized release of sensitive information |
|
| |||||
|
|
| Civil or criminal violations |
|
| |||||
|
|
| Inconvenience, distress or damage to standing or reputation |
|
| |||||
|
|
| Financial loss or agency liability |
|
| |||||
|
|
| Harm to agency programs or public interest |
|
| |||||
|
|
| Unauthorized release of sensitive information |
|
| |||||
|
|
| Civil or criminal violations |
|
| |||||
|
|
| Inconvenience, distress or damage to standing or reputation |
|
| |||||
|
|
| Financial loss or agency liability |
|
| |||||
|
|
| Harm to agency programs or public interest |
|
| |||||
|
|
| Unauthorized release of sensitive information |
|
| |||||
|
|
| Civil or criminal violations |
|
| |||||
|
|
| Inconvenience, distress or damage to standing or reputation |
|
| |||||
|
|
| Financial loss or agency liability |
|
| |||||
|
|
| Harm to agency programs or public interest |
|
| |||||
|
|
| Unauthorized release of sensitive information |
|
| |||||
|
|
| Civil or criminal violations |
|
|