Intentional threats to the operating system are most commonly attempts to illegally access data or violate user privacy for financial gain. However, a growing threat is destructive programs from which there is no apparent gain. These exposures come from three sources:
1. Privileged personnel who abuse their authority. Systems administrators and systems programmers require unlimited access to the operating system to perform maintenance and to recover from system failures. Such individuals may use this authority to access users’ programs and data files.
2. Individuals, both internal and external to the organization, who browser the operating system to identify and exploit security flaws.
3. Individuals who intentionally (or accidentally) insert computer viruses or other forms of destructive programs into the operating system.