Threat Identification and Stakeholder Interview
Introduction
Interviewing stakeholders regarding their understanding of the applicable threat agents:
Taxonomy of Potential Threat Agents
| Threat Source | Motivation | Threat Actions | Low | Mod | High | Critical |
|---|---|---|---|---|---|---|
| Hacker, Cracker | Challenge, Ego, Rebellion | System Intrusion | ||||
| Computer Criminal | Destruction or alteration of Information | Fraud, Crime, Stalking | ||||
| Espionage | Competitive or economic advantage | Access to proprietary information | ||||
| Anarchist | Rejection of structure | Violence, disruption, destruction | ||||
| Civil Activist | Highly motivated but non-violent | Theft of data, electronic or business disruption | ||||
| Competitor | Business adversary competing for revenue | Theft of intellectual property or business data | ||||
| Corrupt Government Official | Acquiring company resources illegitimately | Organizational or physical business disruption | ||||
| Cyber Vandal | Derives thrill from intrusion | Malware, computing disruption | ||||
| Data Miner | Professional data gatherer external | Theft of intellectual property and business data | ||||
| Employee, Disgruntled | Current or former employee with intent to cause harm | Abuse of access, blackmail, theft, data corruption | ||||
| Government Spy | State-sponsored spy supporting idealistic goals | Theft of intellectual property or business data | ||||
| Government Cyber Warrior | National scale state-sponsored attack | Severe business infrastructure disruption | ||||
| Internal Spy | Professional data gatherer as trusted insider | Theft of intellectual property, personal or business data | ||||
| Irrational Individual | Irrational or person with illogical purpose | Personal violence resulting in business disruption | ||||
| Legal Adversary | Adversary in legal proceedings, warranted or not | Organizational business disruption, access to business data | ||||
| Mobster | Organized crime boss with significant resources | Theft of intellectual property, personal information, violence | ||||
| Radical Activist | Highly motivated destructive supporter of a cause | Property destruction, physical business disruption | ||||
| Sensationalist | "15 moments of fame" motivated, notoriety | Public announcements for public relations crisis, data theft | ||||
| Terrorist | Violence for social-political agenda, revenge | Violence, property and physical business disruption | ||||
| Thief | Opportunistic individual profit motivated | Theft of hardware and intellectual property | ||||
| Vendor | Business partner who seeks inside information | Theft of intellectual property or business data | ||||
| Employee, Reckless | Employee who bypasses safeguards for expediency | Benign shortcuts, misuse of auth, "pushed wrong button" | ||||
| Employee, Untrained | With harmless intent, unknowingly misuses system | Poor process, unforeseen mistakes, "pushed wrong button" | ||||
| Information Partner | Voluntary sharing of sensitive information | Poor internal protection of company proprietary materials | ||||
- Originally published as Intel's TARA "Threat Adversary Risk Assessment" tool
Remember the Axioms of Traditional Intelligence
- Believe in your own professional judgements.
- Be aggressive, and do not fear being wrong.
- It is better to be mistaken than to be wrong.
- Avoid mirror imaging at all costs.
- Intelligence is of no value if it is not disseminated.
- Coordination is necessary, but do not settle for the least common denominator.
- When everyone agrees on an issue, something is probably wrong.
- The consumer does not care how much you know, just tell him what is important.
- Form is never more important than substance.
- Aggressively pursue collection of information you need.
- Central Intelligence Agency "Axioms for Intelligence Analysts" Tradecraft 2000
Risk Assessment Process

- From NIST 800-30 R1 "Guide for Conducting Risk Assessments"