CIS 333 2.1

7. A sovereign state threat agent that may wage an all-out war on a target and have significant resources for the attack.
8. Information that is readily available to the public and doesn't require any type of malicious activity to obtain.
9. A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.
14. An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.
15. A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn’t malicious like a black hat hacker.

1. A subcategory of hacker threat agents. Cybercriminals are willing to take more risks and use more extreme tactics for financial gain.
2. A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.
3. A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
4. A threat that seeks to gain access to a network and remain there undetected.
5. A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.
6. A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
10. A skilled hacker who uses skills and knowledge for illegal or malicious purposes.
11. A threat agent who carries out attacks on behalf of an organization and targets competing companies.
12. A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.
13. Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information.