Sources of Risk
Sources of Risk can include any number of elements, however they can broadly be considered as:
Threat Actors (Criminals, Hackers, etc.)
Hazards (Explosives, Technology, etc.)
Sources of risk (Threat Actors) can come from a multitude of sources. However, the following broad categories can be a useful framework for analyzing sources of risk in a consistent fashion.
PLEASE NOTE: There is an inherent limitation in seeking to definitively categorize Threat Actors. These individuals and groups often fit into several categories. Examples include an Insider who commits a serious crime being concurrently part of a Serious Organized Criminal (SOC) group, or an Issue Motivated Group (IMG) who demonstrates the behavior of a Petty Criminal etc.
Some examples of potential hazards which could be used by Threat Actors.
Explosives (e.g. Improvised Explosive Devices)
Technology (e.g. Pineapple Tetra)
Radio frequency jammer
Unsecured microphones and cameras
Weapons (e.g. Guns, knives, etc.)
Software (e.g. hacking software, ransomware)
Hardware (e.g. electronic listening devices, keystroke loggers)
Nuclear (e.g. nuclear bombs or material)
Biological (e.g. White powder)
Radiological (e.g.radioactive ‘dirty bombs’)
Staff incompetence (e.g. inadequate IT security training)
Financial instruments (e.g. fraudulent invoices)