Which layer of the security model is prone to malware, phishing, exploitation of known vulnerabilities, insider threats, and device theft or loss?

Protecting the devices users rely on is the focus here. This layer targets the endpoints—workstations, laptops, and mobile devices—that people use to access systems. Malware and phishing are common attack methods that take advantage of what runs on those devices and the users who interact with them. Exploitation of known vulnerabilities often arrives through software on endpoints, and insider threats operate within the same device and user context. When a device is lost or stolen, the data on that endpoint is exposed unless safeguards are in place. Endpoint security addresses these risks with tools and practices like anti-malware, phishing defenses and user education, timely patching to close known vulnerabilities, device encryption to protect data at rest, and monitoring to detect suspicious activity. In contrast, network security focuses on traffic and borders, the human/physical layer covers people and physical access more broadly, and mission-critical assets/user access management centers on who can access what—without specifically securing the device itself. Therefore, safeguarding the endpoint layer best fits the threats described.