Difference between revisions of "Threat Actor"

From Open Risk Manual
 
 

Latest revision as of 10:23, 14 October 2021

Definition

Threat Actor. An individual, a group or an organisation believed to be operating with malicious intent and causing or contributing to a Cyber Incident.

There can be more than one actor involved in any particular incident, and their actions can be malicious or non-malicious, intentional or unintentional, causal or contributory. VERIS recognizes three primary categories of threat actors:

  • External
  • Internal, and
  • Partner.

External Actors

External threats originate from sources outside of the organization and its network of partners. Examples include criminal groups, lone hackers, former employees, and government entities. This category also includes God (as in “acts of”), “Mother Nature,” and random chance. Typically, no trust or privilege is implied for external entities.

Internal Actors

Internal threats are those originating from within the organization. This encompasses company full-time employees, independent contractors, interns, and other staff. Insiders are trusted and privileged (some more than others).

Partners

Partners include any third party sharing a business relationship with the organization. This includes suppliers, vendors, hosting providers, outsourced IT support, etc. Some level of trust and privilege is usually implied between business partners.

References

  • Adapted from STIX
  • Adapted from VERIS