NoAVision ' s security team identified a threat scenario involving the forging of user rights...

According to ISO/IEC 27005:2022 Annex C, threats are grouped into categories including human actions (deliberate or accidental acts by people), technical failures (hardware or software malfunctions), and environmental events. The forging of user rights — where a malicious actor intentionally manipulates the IAM system to escalate privileges — is a deliberate human action. This falls under the " Human actions " threat category, which includes unauthorized access, misuse of privileges, identity fraud, and social engineering. " Compromise of functions or services " relates to denial of service or service disruption. " Infrastructure failures " refers to physical or technical breakdowns. Since the threat originates from an intentional human decision to forge credentials, Human actions is the correct classification per ISO/IEC 27005 threat taxonomy.

================