One method of applying an attacker mindset is using attack simulations. These activities are normally performed in one of two ways: proactively and reactively. Both approaches share a common goal, which is to make systems safer.

• ? simulations assume the role of an attacker by exploiting vulnerabilities and breaking through defenses. This is sometimes called a red team exercise.

• ? simulations assume the role of a defender responding to an attack. This is sometimes called a blue team exercise.

st____________ actors are government intelligence agencies.

criminal syn___________ refer to organized groups of people who make money from criminal activity.

ins__________ threats can be any individual who has or had authorized access to an organization’s resources. This includes employees who accidentally compromise assets or individuals who purposefully put them at risk for their own benefit.

sha__________ IT refers to individuals who use technologies that lack IT governance. A common example is when an employee uses their personal email to send work-related communications.

Because the formal definition of a hacker is broad, the term can be a bit ambiguous. In security, it applies to three types of individuals based on their intent:

unau___________ hackers

Authorized, or eth___________, hackers

Sem_________-authorized hackers