Third party entities involved in incidents/threat events
Has anyone thought about how to characterize entities that may be involved in a threat event (incidents are internal security events for us).
I'm thinking for example of events like, for example, the State Owned Enterprises (SOEs) in the 61398 indictment that may be beneficiaries or indirectly involved but are not direct threat actors or victims but associated with the event.
We need to be able to capture those entities as a risk factor.
Thanks and hope everyone had a great long weekend.