High Value Target Roles - Public Request for Comments
Why the Concept of High Value Target Roles
Defining High Value Target Roles is essential for cyber resilience because certain positions hold privileges, access paths, or decision power that can create outsized impact if misused or compromised. By identifying these roles, organizations can quantify and mitigate the magnitude of damage a threat actor—external or insider—could cause, ensuring that resilience controls, monitoring, and response capabilities are prioritised where failure would matter most.
Understanding these roles is essential to the discipline of cyber resilience, as they represent focal points where human, procedural, and technical domains intersect. The misuse or compromise of an HVT role can amplify the impact of an incident, accelerate lateral movement, or enable strategic disruption. The table below represents the essence of this framework, summarizing the primary High Value Target role types.
The Request For Comments (RFC) is open.
Definition
A High Value Target role is the function of an internal or external actor with pre-authorised access who may, wittingly or unwittingly, significantly impair the cyber resilience posture of an organisation through the application of their abilities and knowledge. High Value Target roles may have pre-authorised access to High Value Target systems, data, processes or third parties which may contain sensitive information or provide attributes which may serve further exploitation, compromise, unauthorised disclosure or tampering resulting in partial or complete mission degradation or impairment.
Attributes of High Value Target Roles
References
Definition of roles and actors, TOGAF
https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html
"TOGAF 3.2 Actor A person, organization, or system that has one or more roles that initiates or interacts with activities; for example, a sales representative who travels to visit customers. Actors may be internal or external to an organization.
3.63 Role The usual or expected function of an actor, or the part somebody or something plays in a particular action or event. An actor may have a number of roles. The part an individual plays in an organization and the contribution they make through the application of their skills, knowledge, experience, and abilities."
Definition of insider threat, White House
https://obamawhitehouse.archives.gov/the-press-office/2011/10/07/executive-order-13587-structural-reforms-improve-security-classified-net
"Deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies"
Additional resources with potential to be leveraged
- https://www.dni.gov/files/NCSC/documents/nittf/National_Insider_Threat_Policy.pdf
- https://www.cisa.gov/defining-insider-threats
- https://csrc.nist.gov/glossary/term/insider_threat
- https://insights.sei.cmu.edu/blog/cert-definition-of-insider-threat-updated/
- https://www.cisa.gov/resources-tools/resources/insider-threat-mitigation-guide
- https://csf.tools/?s=insider
Key Contributors
Francesco Chiarini - author, CEO at High Value Target
Karol Bieniek - co-author, Cyber Resilience Threat Analyst at High Value Target

