misuse

The intentional use (by authorized users) of system resources for other than authorized purposes. Example: An authorized system administrator creates an unauthorized account for a friend. (See: misuse detection.)

A type of threat action that causes a system component to perform a function or service that is detrimental to system security. (See: usurpation.)

Usage: This type of threat action includes the following subtypes:

• "Tampering": /misuse/ Deliberately altering a system's logic, data, or control information to cause the system to perform unauthorized functions or services. (See: corruption, main entry for "tampering".)
• "Malicious logic": /misuse/ Any hardware, firmware, or software intentionally introduced into a system to perform or control execution of an unauthorized function or service. (See: corruption, incapacitation, main entry for "malicious logic", masquerade.)
• "Violation of authorizations": Action by an entity that exceeds the entity's system privileges by executing an unauthorized function. (See: authorization.)