--- title: "Relationship between various Risk Scenario Components" slug: "relationship-between-various-risk-scenario-components" updated: 2025-04-03T11:59:54Z published: 2025-04-03T11:59:54Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.safe.security/llms.txt > Use this file to discover all available pages before exploring further. # Relationship between various Risk Scenario Components ## Introduction Risk Scenarios in SAFE enable users to model potential risks and understand their potential impact on various business resources. Constructing these scenarios requires a deep understanding of the complex relationships between Attack Outcomes, Threat Actors, and Business Resources. This guide aims to help users navigate through the process of selecting the appropriate Business Resources and Threat Actors to achieve desired Attack Outcomes. ## Defining a Risk Scenario ### Business Resources After selecting a group, the second step in creating a risk scenario is to define the relevant business resources within the organization. Business Resources can include a wide range of Data, Business Processes, and Cash. Carefully choose the specific Business Resources that are pertinent to the Risk Scenario they want to model. ### Threat Actors After identifying Business Resources, users are presented with potential Threat Actors that may target their organization. These Threat Actors can include Cyber Criminals, Advanced Persistent Threats (APTs), Nation-States, Privileged Insiders, and Non-Privileged Insiders. ### Attack Outcomes Once Business Resources and Threat Actors have been identified, users move on to the critical step of selecting Attack Outcomes. This involves exploring the potential impacts of the chosen Threat Actor on the selected Business Resources. Possible outcomes may include Ransomware with Data Exfiltration, Data Exfiltration, Distributed Denial of Service (DDoS), Ransomware without Data Exfiltration, Cryptomining, Financial Frauds, and others, as listed in the table below. ## Mapping of Attack Outcome to Threat Actor and Business Resource The table below provides a clear overview of the relationships between the core components of a Risk Scenario, assisting users in selecting relevant Business Resources, Threat Actors, and desired Outcomes. | **Attack Outcome** | **Threat Actor** | **Business Resource** | | --- | --- | --- | | Ransomware without Data Exfiltration | APTs | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Cyber Criminals | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Nation-State | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Ransomware with Data Exfiltration | APTs | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Cyber Criminals | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data - Business Process generating revenue - Business Process impacting Third Party's Revenue | | Nation-State | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data - Business Process generating revenue - Business Process impacting Third Party's Revenue | | Data Exfiltration | APTs | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data | | Cyber Criminals | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data | | Nation-State | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data | | Privileged Insider | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data | | Non Privileged Insider | - Sensitive Personal Data - IP & Trade Secrets Data - Co-owned Proprietary Data | | DDoS | APTs | - Business Process generating revenue - Business Process impacting Third Party's Revenue | | Cyber Criminals | - Business Process generating revenue - Business Process impacting Third Party's Revenue | | Nation-State | - Business Process generating revenue - Business Process impacting Third Party's Revenue | | Cryptomining | Cyber Criminals | - Business Process generating cost | | Financial Fraud | APTs | - Cash | | Cyber Criminals | - Cash | | Nation-State | - Cash | | Privileged Insider | - Cash | | Non Privileged Insider | - Cash | | Wiper | APTs | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Cyber Criminals | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | | Nation-State | - Business Process generating revenue - Business Process Impacting Third Party's Revenue | ## Mapping of Business Resources to Attack Outcome and Threat Actor | **Business Resource** | **Attack Outcome** | **Threat Actors** | | --- | --- | --- | | Sensitive Personal Data | Ransomware with Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | Data Exfiltration | - APTs - Cyber Criminals - Nation-State - Privileged Insider - Non Privileged Insider | | IP & Trade Secrets Data | Ransomware with Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | Data Exfiltration | - APTs - Cyber Criminals - Nation-State - Privileged Insider - Non Privileged Insider | | Co-owned Proprietary Data | Ransomware with Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | Data Exfiltration | - APTs - Cyber Criminals - Nation-State - Privileged Insider - Non Privileged Insider | | Business Process generating revenue | Ransomware without Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | Ransomware with Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | DDoS | - APTs - Cyber Criminals - Nation-State | | Wiper | - APTs - Cyber Criminals - Nation-State | | Business Process Impacting Third Party's Revenue | Ransomware without Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | Ransomware with Data Exfiltration | - APTs - Cyber Criminals - Nation-State | | DDoS | - APTs - Cyber Criminals - Nation-State | | Wiper | - APTs - Cyber Criminals - Nation-State | | Business Process generating cost | Cryptomining | - Cyber Criminals | | Cash | Financial Fraud | - APTs - Cyber Criminals - Nation-State - Privileged Insider - Non Privileged Insider |