The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
A type of threat action whereby sensitive data is directly released to an unauthorized entity. (See: unauthorized disclosure.)
Usage: This type of threat action includes the following subtypes:
"Deliberate Exposure": Intentional release of sensitive data to an unauthorized entity.
"Scavenging": Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
"Human error": /exposure/ Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data. (Compare: corruption, incapacitation.)
"Hardware or software error": /exposure/ System failure that unintentionally results in an entity gaining unauthorized
knowledge of sensitive data. (Compare: corruption, incapacitation.)