Documentation - Actors
In this step, the actors that pose a threat to information security are identified. Their actions can inadvertently lead to an incident due to lack of knowledge or lack of interest in information security or because they deliberately and purposefully carry out a digital attack.
Based on the stated willingness, level of knowledge and resources, RAFIS determines the threat level posed by an actor. If no resources are specified for an actor, RAFIS assumes that the actor has no malicious intent and that an incident caused by this actor was not intended.
The overview of possible actors is a necessary aid in estimating the probability of a threat during the risk analysis. The available handout, which can be made via the scope page, contains this overview.