Scenario S-012 - Accidental Infrastructure Misconfiguration
| Element | Description |
|---|---|
| Scenario ID | S-012 |
| Target asset | Global infrastructure (all virtualized hosts, network devices, and platform services) |
| Threat source | Human error or misapplied automation |
| Attack vector | Mistakes in configuration, faulty automation scripts, or unintended parameter changes |
| Potential impact | Exposure of internal services, service outages, potential for cascading failures across dependent systems |
| Likelihood | 🟧 Medium - manual errors and misconfigured automation are common, mitigated by review and testing |
| Impact rating | 🟥 High - misconfigurations can lead to service disruption, data exposure, and operational risks |
| Risk rating | 🟥 High |
Mitigation:
- Implement change management and peer review for all configuration changes.
- Use version-controlled automation (Ansible, Git) with testing in staging environments.
- Apply configuration validation and pre-deployment checks.
- Maintain rollback procedures and backup of configuration states.
- Monitor infrastructure for unexpected changes and anomalies.
Owners:
- Ops - configuration management, automation testing, and rollback.
- Sec - monitoring, auditing, and access control for critical configuration changes.
- Dev - ensuring automated scripts are idempotent and safe for production.
References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.2 Privileged access rights.
- ISO 27001 - Control 8.16 Monitoring activities.
- NIST CSF - ID.AM Asset Management.
- NIST CSF - PR.IP Protective Technology.
- EBIOS RM - Identification of configuration errors and mismanagement as risk factors.
Response actions:
- Containment - Stop affected automation runs, isolate misconfigured components if possible.
- Investigation - Identify the scope and root cause of the misconfiguration.
- Recovery - Apply correct configuration, restore affected systems from backup if necessary.
- Post-incident - Update change management procedures, improve automation testing, and document lessons learned.