phase-3-threat-actors
// Phase 3 Threat Actor Analysis guide. Use when identifying threat actors, setting relevance and priority, or analyzing who might attack the system.
| name | phase-3-threat-actors |
| description | Phase 3 Threat Actor Analysis guide. Use when identifying threat actors, setting relevance and priority, or analyzing who might attack the system. |
Identify who might attack this system, what motivates them, and what they're capable of. This focuses threat identification in Phase 6 on realistic scenarios.
The system pre-loads 10 default threat actors (TA001-TA010):
| ID | Name | Type | Capability | Motivations |
|---|---|---|---|---|
| TA001 | Insider | Insider | Medium | Financial, Revenge |
| TA002 | External Attacker | External | Medium | Financial |
| TA003 | Nation-state Actor | Nation-state | High | Espionage, Political |
| TA004 | Hacktivist | Hacktivist | Medium | Ideology, Political |
| TA005 | Organized Crime | Organized Crime | High | Financial |
| TA006 | Competitor | Competitor | Medium | Financial, Espionage |
| TA007 | Script Kiddie | Script Kiddie | Low | Curiosity, Reputation |
| TA008 | Disgruntled Employee | Disgruntled Employee | Medium | Revenge |
| TA009 | Privileged User | Privileged User | High | Financial, Accidental |
| TA010 | Third Party | Third Party | Medium | Financial, Accidental |
Mark whether a threat actor applies to this system. Set is_relevant=false for actors that don't apply.
Rank from 1 (highest threat) to 10 (lowest). Consider both likelihood and potential impact.
| Parameter | Values |
|---|---|
| type | Insider, External, Nation-state, Hacktivist, Organized Crime, Competitor, Script Kiddie, Disgruntled Employee, Privileged User, Third Party, Other |
| capability_level | Low, Medium, High |
| motivations | List of: Financial, Political, Espionage, Reputation, Revenge, Ideology, Curiosity, Accidental, Disruption, Other |
| resources | Limited, Moderate, Extensive |
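
A consistency check for Phase 3 output, added here as an example and not part of the tool itself: it validates actor records against the parameter values above and flags relevant actors whose rank is missing, out of range or duplicated. The dict record layout, the `priority` field name, the unique-rank rule and the sample records are assumptions.

```python
# Added example: field names follow the parameter table; `priority` and the
# dict record layout are assumptions, not the tool's documented schema.
ALLOWED = {
    "type": {"Insider", "External", "Nation-state", "Hacktivist", "Organized Crime",
             "Competitor", "Script Kiddie", "Disgruntled Employee",
             "Privileged User", "Third Party", "Other"},
    "capability_level": {"Low", "Medium", "High"},
    "resources": {"Limited", "Moderate", "Extensive"},
}
MOTIVATIONS = {"Financial", "Political", "Espionage", "Reputation", "Revenge",
               "Ideology", "Curiosity", "Accidental", "Disruption", "Other"}


def validate_actors(actors):
    """Return a list of human-readable problems; an empty list means clean."""
    problems = []
    seen_priority = {}  # rank -> actor id that already claimed it
    for a in actors:
        aid = a.get("id", "<no id>")
        for field, allowed in ALLOWED.items():
            if a.get(field) not in allowed:
                problems.append(f"{aid}: {field}={a.get(field)!r} not allowed")
        motivations = a.get("motivations") or []
        bad = [m for m in motivations if m not in MOTIVATIONS]
        if bad or not motivations:
            problems.append(f"{aid}: motivations invalid or empty: {bad}")
        if not isinstance(a.get("is_relevant"), bool):
            problems.append(f"{aid}: is_relevant must be true or false")
        elif a["is_relevant"]:  # only relevant actors need a rank
            p = a.get("priority")
            if not isinstance(p, int) or isinstance(p, bool) or not 1 <= p <= 10:
                problems.append(f"{aid}: relevant actor needs priority 1-10")
            elif p in seen_priority:
                problems.append(f"{aid}: priority {p} already used by {seen_priority[p]}")
            else:
                seen_priority[p] = aid
    return problems


# Constructed sample (internal tool, small team); resources values are made up.
SAMPLE = [
    {"id": "TA001", "type": "Insider", "capability_level": "Medium", "resources": "Limited",
     "motivations": ["Financial", "Revenge"], "is_relevant": True, "priority": 1},
    {"id": "TA009", "type": "Privileged User", "capability_level": "High", "resources": "Moderate",
     "motivations": ["Financial", "Accidental"], "is_relevant": True, "priority": 1},
    {"id": "TA003", "type": "Nation-state", "capability_level": "Advanced", "resources": "Extensive",
     "motivations": ["Espionage"], "is_relevant": False},
]
```

Running `validate_actors(SAMPLE)` reports the duplicate rank on TA009 and the out-of-vocabulary capability level on TA003; TA003 needs no rank because it is marked not relevant.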

- list_threat_actors() -- Review all actors
- get_threat_actor(id) -- Detailed view of one actor
- analyze_threat_actors() -- Automated analysis
- reset_threat_actors() -- Reset to defaults
- clear_threat_actors() -- Remove all

| Business Context | Likely Relevant | Likely Not Relevant |
|---|---|---|
| Internal tool, small team | Insider, Privileged User, Script Kiddie | Nation-state, Organized Crime |
| Financial/healthcare SaaS | All actors relevant | - |
| Public API, no sensitive data | External, Script Kiddie | Nation-state, Organized Crime |
| Government system | Nation-state, Insider, Hacktivist | Competitor |
| E-commerce | External, Organized Crime, Script Kiddie | Nation-state |

- get_phase_3_guidance()
- list_threat_actors() to review defaults
- analyze_threat_actors() for automated analysis
- analyze_threat_actors() completed
- advance_phase() to proceed to Phase 4