PruthviGandhi ISOL536 Spring2020Main Week2 Discussion
Individual Discussion II
How active is each threat agent? How might a successful attack serve a particular threat agent’s
goals?
Ans: According to Carroll and Stalling, the likelihood of each threat agent actively performing an attack
against the enterprise for a given time period is defined as the number of times that the agent has been
active over that period. It is obvious that during the likelihood calculation we should ensure that the time
period value remains the same for all the agents under analysis. To determine how active each threat
• Threat agent Preference List – listing the threat agents that are selected for further investigation
• History Threat Agent Data – details of threat agent activity from internal and external sources
• Current knowledge of senior managers – their perspective about threat agent activity
According to Schoenfield, the direct goal is rarely money (though commercial success or a nation-state
advantage may ultimately be the goal). The direct goal of the attack is usually data, information,
or disruption. Like cyber criminals, APT is a risk-averse strategy, attempting to hide the intrusion and any
compromise. Persistence is an attribute. This is very unlike the pattern of cyber criminals, who prefer to
find an easier or more exposed target. Once the theft has occurred, they don’t want to be caught and
punished; their goal is to hang on to their illegitimate gains. (Schoenfield, 2014) The fact that a crime has
Computer hacktivists are volunteers. They do not get paid. If they do have full-time paying jobs, their
hacktivism has to be performed during their non-job hours. There are leaders who give the orders and
coordinate the work of the many to a single goal. Goals of some of the currently active threat agents are
as follows:
• Cyber-crimes: The goal is financial. Risk tolerance is low. Effort tends to be low to medium: cyber
criminals are after the low-hanging fruit. Their methods tend to be proven.
• Industrial espionage: The goal is information and disruption. Risk tolerance is low. Effort can be quite
high, perhaps even extreme. Difficult targets are not a barrier. Methods are very sophisticated.
• Computer activists: The goal is information, disruption, and media attention. Risk tolerance is medium
to high (they are willing to go to jail for their beliefs). Their methods are computer savvy but not
necessarily sophisticated. They are willing to put in the time necessary to achieve their goal. (Bright,
References:
3. Schoenfield, Brook S.E. – Securing Systems: Applied Security Architecture and Threat
4. Bright, P., Anderson, N., and Cheng, J. Unmasked, 2011. Amazon Kindle. Retrieved from
http://www.amazon.com/Unmasked-Peter-Bright