Threat Assessment
Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors.
- The goals of most types of adversaries will be to:
  - steal (exfiltrate) information from the network
  - misuse network services (for fraud, for instance)
  - compromise the availability of the network
- Threat assessment leverages information gathered from threat research
External vs Internal Threats
An external threat actor or agent is one that has no account or authorized access to the target system.
- must infiltrate the security system using malware and/or social engineering
- may perpetrate an attack remotely or on-premises
- it is the threat actor that is defined as external, rather than the attack method
An internal (or insider) threat actor is a type of threat actor who has been assigned privileges on the system and who causes an intentional or unintentional incident.
- could be:
  - an employee
  - a contractor
  - a business partner
Identifying Threats
- 3 structured approaches to threat identification:
  - Asset focus
    - use the asset inventory as the basis for the analysis
    - enumerate threats to each asset
  - Threat focus
    - identify how specific threats may affect each information system
  - Service focus
    - identify the impact of various threats on a specific service
    - most commonly used by service providers