A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.
Which of the following would be BEST for the security manager to use in a threat model?
A.
Hacktivists B.
White-hat hackers C.
Script kiddies D.
Insider threats.
A.
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.
Which of the following would be BEST for the security manager to use in a threat model?
A.
Hacktivists
B.
White-hat hackers
C.
Script kiddies
D.
Insider threats.
A.
The BEST option for the security manager to use in a threat model given the scenario described would be A. Hacktivists.
A threat model is a structured approach used to identify and prioritize potential threats to an organization's assets, including its people, processes, and technology. It involves understanding the potential adversaries, their motivations, and their methods of attack.
In this scenario, the CISO has warned the security manager that the CEO's controversial opinion article could result in new cyberattacks. The security manager must therefore identify potential adversaries who may target the company's assets in response to the CEO's article.
Hacktivists are a group of adversaries who use hacking to promote their political or social agenda. They often target organizations that they perceive to be against their ideology or that they believe are involved in unethical practices. In this scenario, the CEO's controversial opinion article may trigger hacktivist groups who may view the company's actions as unethical or against their political or social agenda.
White-hat hackers are ethical hackers who work to identify vulnerabilities in an organization's systems and infrastructure to help them improve their security posture. Script kiddies are amateur hackers who use pre-existing tools and techniques to launch attacks without understanding the underlying concepts. Insider threats are employees or contractors who have authorized access to an organization's systems and use that access to cause harm.
While white-hat hackers, script kiddies, and insider threats may pose a threat to an organization's security, they are less likely to be motivated by the CEO's controversial opinion article. Therefore, A. Hacktivists would be the BEST option for the security manager to use in a threat model in this scenario.