High Value Target Roles - Draft of Public Request for Comments

The concept of High Value Target Roles is part of the High Value Target approach for Information Systems, where we focus on the inherent impact of certain properties that a role or an information system exhibit and that can be abused by a potential threat actor.

The Request For Comments (RFC) is open from March 13, 2024 till April 10, 2024.

Proposed definition

A High Value Target role is the function of an internal or external actor with pre-authorised access who wittingly or unwittingly may significantly impair the cyber resilience posture of an organisation through the application of their abilities and knowledge. High Value Target roles may have pre-authorised access to either High Value Target systems, data, processes or third parties which may contain sensitive information or provide attributes which may serve further exploitation, compromise, unauthorised disclosure or tampering resulting in partial or complete mission degradation or impairment.

Proposed attributes

Potential additional attributes to consider

  1. Seniority - those users who know where the “bodies are buried”
  2. Offensive - those users who have pentesting and offensive security skills
  3. Geography - those users who are located in high-risk countries more approachable by external threat actors 

References

Definition of roles and actors, TOGAF
https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html 

"TOGAF 3.2 Actor A person, organization, or system that has one or more roles that initiates or interacts with activities; for example, a sales representative who travels to visit customers. Actors may be internal or external to an organization. 
3.63 Role The usual or expected function of an actor, or the part somebody or something plays in a particular action or event. An actor may have a number of roles. The part an individual plays in an organization and the contribution they make through the application of their skills, knowledge, experience, and abilities." 

Definition of insider threat, White House
https://obamawhitehouse.archives.gov/the-press-office/2011/10/07/executive-order-13587-structural-reforms-improve-security-classified-net 

"Deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies"

Additional resources with potential to be leveraged
  • https://www.dni.gov/files/NCSC/documents/nittf/National_Insider_Threat_Policy.pdf 
  • https://www.cisa.gov/defining-insider-threats https://csrc.nist.gov/glossary/term/insider_threat
  • https://insights.sei.cmu.edu/blog/cert-definition-of-insider-threat-updated/
  • https://www.cisa.gov/resources-tools/resources/insider-threat-mitigation-guide
  • https://csf.tools/?s=insider

Follow Us

Copyright ©2022 High Value Target, All Rights Reserved.

High Value Target ®

Email: contact@highvaluetarget.org

We are a research firm that specializes in designing methodologies aimed at significantly increasing an organization’s cyber resilience posture against sophisticated cyber threats. We are actively engaged in leading cybersecurity communities and collaborate with best-in-class peers such as MITRE, ISSA, FIRST, NIST, OASIS Open.