Читать книгу Risk Assessment - Marvin Rausand - Страница 120

An individual, a group or a thing that acts, or has the power to act, to cause, carry, transmit, or support a threat.

A threat actor is sometimes called a threat agent. An example of a threat agent is a hacker who breaks into computers, usually by gaining access to administrative controls.

To cause harm, a threat agent must have the intention, capacity, and opportunity to cause harm. Intention means the determination or desire to achieve an objective. Capacity refers to the ability to accomplish the objective, including the availability of tools and techniques as well as the ability to use these correctly. Opportunity to cause harm implies that the asset must be vulnerable to attack.

Vulnerability may be defined as follows: