Threat actors in the cyber realm range in function and form, in geography and crew size, in almost every variable imaginable. Even though the number of permutations are almost unfathomable, it is necessary to hone the types down for purposes of cyber threat analysis and intelligence sharing. This section provides a slide deck with a useful cybersecurity industry supported typology for characterizing threat actors.
Key to the process of understanding threat actors is a full grasp of your own information assets that may be targeted, your network and end-point vulnerabilities, your standing in your market sector, your standing within the economy, the value of your intellectual property (including your customer database), and other geopolitical factors that may lead a treat actor to target you. In order for your cyber threat analysts to effectively characterize the digital evidence on your network and endpoints upon which they can draw inferences for testing alternative hypotheses on who the threat actor(s) might be, it is also important to gain an understanding of motive and intent. The following slide deck provides a useful summary of current thinking in this area.