Hardware theft loss or disclosure of information: controls. Inappropriate use of it resources bad reputation or legal liability: policy must state what uses are not acceptable. Internal hacking, password cracking, copying information from an unattended computer. Spam virus, give out personal info, accidentally delete work-related messages. Sniffing gain unauthorized access to information: examples. Connecting a sniffing device to a router or switch. Connecting a sniffing device to a circuit. Connecting a computer w/ a sniffing program or a sniffing device to a wireless channel: wireless network. Access point must require strong authentication for connection by user devices. Software theft legal liability, loss of competitiveness: controls. Stringent procedures covering software updates, storage and distribution. Spoofing obtaining access using false identity, email spoofing/mac address spoofing: controls. Hardened work station and server os parameters. Digital signatures, user education and firewall (email spoofing) Virus has to be triggered: risks. Erasing o/s files causing computer to misbehave or shut down.