Malicious threats to information security can come from which of the following?

Malicious threats to information security predominantly arise from intentional actions taken by individuals or groups who seek to exploit system vulnerabilities for their gain. External human sources encompass a variety of actors, including hackers, cybercriminals, and even insider threats such as disgruntled employees, who can deliberately target information systems with the intention of stealing data, disrupting services, or causing financial harm.

In this context, external human sources are the primary concern when defining malicious threats, as they actively engage in activities such as phishing, malware deployment, and other types of cyberattacks that are designed to compromise information security intentionally.

Natural disasters, equipment failure, and accidental data deletion are more aligned with non-malicious threats or operational risks, which, while they can impact information security, do not stem from intent to harm or exploit information systems. Understanding this distinction is crucial in effectively managing and mitigating security risks within an organization's information security framework.