Most access violations are:

A.

The most likely source of exposure is from the uninformed, accidental or unknowing person, although the greatest impact may be from those with malicious or fraudulent intent.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 192).

Most access violations are accidental. This means that they are not caused intentionally by someone trying to gain unauthorized access to a system, but rather by human error, misconfiguration, or lack of knowledge about security policies and procedures.

Accidental access violations can occur in a variety of ways. For example, an employee might forget to log out of a computer when they leave their desk, leaving their account open for anyone to use. Or, an administrator might misconfigure a security setting, inadvertently allowing unauthorized access to sensitive information.

While external hackers and internal hackers (such as disgruntled employees) can certainly cause access violations, they are not the most common cause. In fact, many security experts argue that most successful cyberattacks are the result of exploiting human error or misconfiguration rather than sophisticated hacking techniques.

Similarly, while the Internet has certainly increased the risk of security breaches, it is not directly related to the majority of access violations. Most access violations occur within an organization's own network, rather than over the Internet.

In summary, most access violations are accidental and caused by human error or misconfiguration, rather than intentional hacking or Internet-related factors.