Week 2 Discussion

University of the Cumberlands

Individual Discussion II

January 14, 2020

Instructor: Dr. Sherri Brinson

Pruthvi Chetankumar Gandhi

Week 2 Discussion

How active is each threat agent? How might a successful attack server a particular threat agent’s

goals?

Ans: According to Carroll and Stalling, the likelihood of each threat agent actively performing an attack

against the enterprise for a given time period is defined as the number of times that the agent has been

active over that period. It is obvious that during the likelihood calculation we should ensure that the time

period value remains the same for all the agents under analysis. To determine how active each threat

agent is, we may use the following inputs:

• Threat agent Preference List – listing the threat agents that are selected for further investigation

• History Threat Agent Data – details of threat agent activity from internal and external sources

• Current knowledge of senior managers – their perspective about threat agent activity

• Current knowledge of stakeholders – their perspective about threat agent activity

• Current knowledge of staff – their perspective about threat agent activity

According to Schoenfield, the direct goal is rarely money (though commercial success or a nation-state

advantage may ultimately be the goal). The direct goal of the attack is usually data, information,

or disruption. Like cyber criminals, APT is a risk averse strategy, attempting to hide the intrusion and any

compromise. Persistence is an attribute. This is very unlike the pattern of cyber criminals, who prefer to

find an easier or more exposed target. Once the theft has occurred, they don’t want to be caught and

punished; their goal is to hang on to their illegitimate gains. (Schoenfield, 2014) The fact that a crime has

occurred will eventually be obvious to the victim.

Computer hacktivists are volunteers. They do get paid. If they do have full-time paying jobs, their

hacktivism has to be performed during their non-job hours. There are leaders who give the orders and
Week 2 Discussion

coordinate the work of the many to a single goal. Goals of some of the currently active threat agents are

as follows:

• Cyber-crimes: The goal is financial. Risk tolerance is low. Effort tends to be low to medium: cyber

criminals are after the low hanging fruit. Their methods tend to be proven.

• Industrial espionage: The goal is information and disruption. Risk tolerance is low. Effort can be quite

high, perhaps even extreme. Difficult targets are not a barrier. Methods are very sophisticated.

• Computer activists: The goal is information, disruption, and media attention. Risk tolerance is medium

to high (they are willing to go to jail for their beliefs). Their methods are computer savvy but not

necessarily sophisticated. They are willing to put in the time necessary to achieve their goal. (Bright,

Anderson and Cheng, 2011)

Week 2 Discussion

References:

1. Carroll, J.M, Computer Security, 3rd ed. 1996: Butterworth-Heinemann

2. Stalling, W., Network Security Essentials.2000: Prentice Hill

3. Schoenfield, Brook S.E. – Securing Systems: Applied Security Architecture and Threat

Models, CRC Press, 2014

4. Bright, P., Anderson, N., and Cheng, J, Unmasked,2011. Amazon Kindle. Retrieved from

http://www.amazon.com/Unmasked-Peter-Bright