Explanation should include the following:
- Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/Advanced Persistent Threat (APT)
- Insiders
- Competitors
- Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
- Use of open-source intelligence
Process/Skill Questions:
- What would constitute a misconfiguration?
- How can business processes help prevent vulnerabilities?
- How does one determine whether a website has a buffer vulnerability?
- What is an example of a historical misconfiguration vulnerability?