The Lore Of Hijacking Systems, Part 2

Operation: (Hu)Man

One cannot be vigilant 365 days a year, 24 hours a day, watching every corner, conceiving every single possibilities. The attacker can come from anywhere, in any form, any time, any how, and for the least expected reasons.
— Re: Vigil, 2003

In all organization, there are organization operational flows (and its Modus Operandi and Kultur) which organization needs to have high resolution traceability of (which the attackers would also be greatly keen, especially to find the lacks, gaps and exploitable vulnerabilities). These workflows should follow well-defined lifecycles, supported by tools and facilities.

1️⃣ Human and interactions over processes and procedures with their tools and facilities usage (especially where maybe lacking or misuse or abuse (hijack)).

When roles or functions are separated, the attention is divided. — 2006–05.23

2️⃣ Working components and possible entry points (if the organization does not have a comprehensive documentation or map out the entire terrain in high-resolution, the attackers would *).
* Principle: The one with lesser blindspots wins.

3️⃣ The interaction spans over from within the organization to external entities (or subjects, e.g. customer, contractors, vendors, authorized personnels, such as law enforcers, auditor, etc. collaboration) and objects (e.g. components, such as registered and trusted computational entities which…