Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
tryst@meow.social ("Tryst 🏴 🇮🇪 :ms_asexual_flag: :ms_cat_grin:") wrote:
@soatok I used to enjoy models like HMG IA Standard 1&2 that included both threat actors and threat sources, because it allowed for a lot more nuance and captured how legitimate system actors can become threat actors when influenced by a threat source.
I could have endless fun with them, however work drew the line when I started to include things like "inadequately managed change" and "management fads" as threat sources.