Define 'threat actor' as per the FAIR model.

The concept of a 'threat actor' in the FAIR model is defined as an individual or group that possesses both the capability and intent to exploit vulnerabilities. This definition captures the essence of what a threat actor does—eagerly seeking out weaknesses in systems or processes to mount an attack for various motives, such as financial gain, political motivations, or other malicious intents.

Understanding this context is crucial because it emphasizes the dual aspect of capability and intent. Capability refers to the skills, resources, or knowledge that a threat actor possesses to successfully carry out an attack. Intent, on the other hand, signifies the motivation behind their actions, making it clear that the mere existence of a vulnerability isn’t enough for a risk; there must also be an actor with the desire to exploit it.

In contrast, options that refer to organizational units or automated systems miss the critical layering of human intention and capability, which is fundamental to understanding threats in cybersecurity. These concepts are essential for adequately assessing risks and developing effective security measures within the FAIR framework.