Threat Actor

From Open Risk Manual
Revision as of 09:23, 14 October 2021 by Wiki admin

Definition

Threat Actor. An individual, a group or an organisation believed to be operating with malicious intent and causing or contributing to a Cyber Incident.

There can be more than one actor involved in any particular incident, and their actions can be malicious or non-malicious, intentional or unintentional, causal or contributory. VERIS recognizes three primary categories of threat actors:

  • External
  • Internal, and
  • Partner.

External Actors

External threats originate from sources outside of the organization and its network of partners. Examples include criminal groups, lone hackers, former employees, and government entities. The category also includes God (as in “acts of”), “Mother Nature,” and random chance. Typically, no trust or privilege is implied for external entities.

Internal Actors

Internal threats are those originating from within the organization. This encompasses the company's full-time employees, independent contractors, interns, and other staff. Insiders are trusted and privileged (some more than others).

Partners

Partners include any third party sharing a business relationship with the organization. This includes suppliers, vendors, hosting providers, outsourced IT support, etc. Some level of trust and privilege is usually implied between business partners.

References

  • Adapted from STIX
  • Adapted from VERIS