Today’s technologies (social media, cloud computing, etc.) are creating more pressure for organizations to protect the privacy of their clients and mitigate the risk to the enterprise. Organizations that have adopted a strategy for privacy compliance are more successful in minimizing the risk associated with the safeguard of private information than those without one.
Entities that cause or contribute to an incident are known as threat actors, and more than one can be involved in any particular incident. Actions performed by them can be malicious or non-malicious, intentional or unintentional, causal or contributory, and stem from a variety of motives (all of which will be discussed in subsequent actor-specific sections). Identifying actors is critical to immediate corrective actions and longer-term defensive strategies.
VERIS specifies three primary categories of threat actors—external, internal, and partner.
- External: External actors originate outside the victim organization and its network of partners. Typically, no trust or privilege is implied for external entities.
- Internal: Internal actors come from within the victim organization. Insiders are trusted and privileged (some more than others).
- Partners: Partners include any third party sharing a business relationship with the victim organization. Some level of trust and privilege is usually implied between business partners.
Each enterprise has their own unique exposure to privacy and an in-depth analysis by InfoTransec security professional will help your organization develop a privacy strategy to fit your needs. We will ensure that your privacy strategy when implemented will fill compliance gaps and define privacy responsibilities.
Contact us today for a free consultation