2.1

Question 1

An entity responsible for an event that has an impact on the safety of another entity

Answer 1

Threat actor

AKA malicious actor

Question 2

3 types of threat actor categorization

Answer 2

Internal/external
Resources/funding
Level of sophistication/capability

Question 3

A threat actor backed by governments/government agencies

Motivations of data exfiltration, philosophical, revenge, disruption, war

External

Often an APT

Very high sophistication

Answer 3

Nation state

Question 4

A threat actor who runs pre-made scripts without any knowledge of what’s really happening

Motivated by the hunt - disruption, data exfiltration, sometimes philosophical

Can be internal or external

Not very sophisticated

No formal funding - looks for low-hanging fruit

Answer 4

Unskilled attacker

Question 5

A threat actor with a purpose

Motivated by philosophy, revenge, disruption, etc.

Often external, but may also be an insider threat

Can be remarkably sophisticated

Limited funding

Answer 5

Hacktivist

Question 6

A threat actor who uses their privileged knowledge of an organization to attack that organization

Motivated by revenge or financial gain

ALWAYS internal

Extensive resources - uses the org’s own resources against them

Medium level of sophistication - has institutional knowledge

Answer 6

Insider threat

Question 7

A threat actor compromised of professional criminals. They perform their crime in an organized way: one person hacks, another manages exploits, another sells the data, another handles customer support, etc.

Motivated by money

Almost always external

Very sophisticated - need the skills to back up their pay

Lots of capital to fund hacking efforts

Answer 7

Organized crime

Question 8

A threat actor that is a group or department that works around the existing policies/procedures of the IT department in an organization. They may build their own infrastructure, install their own applications, and start using them without the IT department realizing what is happening. They are not under the limitations of change control, security policies, and the org’s budget.

Motivated by philosophical beliefs, revenge

Internal

Limited resources

Medium sophistication - may not have IT training/knowledge, makes it more insecure

Answer 8

Shadow IT

Question 9

Name the threat actor

Location: external

Resources: extensive

Sophistication: very high

Motivations: data exfiltration, philosophical beliefs, revenge, disruption, war

Answer 9

Nation state

Question 10

Name the threat actor

Location: external

Resources: limited

Sophistication: very low

Motivations: disruption, data exfiltration, philosophical beliefs

Answer 10

Unskilled attacker

Question 11

Name the threat actor

Location: external

Resources: some funding

Sophistication: can be high

Motivations: philosophical beliefs, revenge, disruption/chaos

Answer 11

Hacktivist

Question 12

Name the threat actor

Location: internal

Resources: many resources

Sophistication: medium

Motivations: revenge, financial gain

Answer 12

Insider threat

Question 13

Name the threat actor

Location: external

Resources: many resources

Sophistication: very high

Motivations: financial

Answer 13

Organized crime

Question 14

Name the threat actor

Location: internal

Resources: many resources

Sophistication: limited

Motivations: philosophical beliefs, revenge

Answer 14

Shadow IT