Standard Users – UB Users
UB – User Behaviour; Rp – Related Page; K – KQL Queries; W – WebSites; M – MITRE ATT&CK Reference
SCKIPT User Behaviour Matrix (Standard Users)

Source (UB) | Case Scenario (C) | Known Interactions (K) | Protection (P) | Threats (T) |
---|---|---|---|---|
UB3. Users | UB3.C1 – Scan QR Codes | | UB3.C1.P1 – Monitor content/URLs behind QR Codes | UB3.C1.T1 – Access to malicious content through malicious URL after scanning QR Codes |
UB3. Users | UB3.C2 – User sign-in | UB3.C2.K1 – Sign-in attempts from anywhere<br>UB3.C2.K2 – Sign-in on non-owner devices | UB3.C2.P1 – Restrict User Sign-in by Country | UB3.C2.K1.T1 – Suspicious sign-in attempts from multiple countries in a short time<br>UB3.C2.K2.T1 – User sessions remain active on non-owner devices after user activity |
UB3. Users | UB3.C3 – Take screenshots/photos of company data | | UB3.C3.P1 – Split information so that sensitive/confidential data cannot be identified from a single source; watermark, obfuscate or replace sensitive/confidential data; DLP/DRM; deny screenshot software and/or monitor its file extensions | UB3.C3.T1 – Data leakage of sensitive or critical information |
UB3. Users | UB3.C4 – Users use different ISPs | UB3.C4.K1 – Users contract and use non-secure ISP | UB3.C4.K1.P1 – Monitor activities from non-secure ISP | UB3.C4.K1.T1 – Sign-in attempts using non-secure ISP |