What is it?
assigning attributes to what is responsible for a risk by different aspects of its nature, which includes:
- Internal vs External
- The level of sophistication/capability
- The amount of resources/funding
- The intent/motivation.
Why is it mentioned?
It is mentioned to abstract certain threats into their respective groups, then those groups can be evaluated rather than individual threats. Specific threats may need more attention than others, but not all threats can be thought of prior to it existing. Grouping it provides a way of generally dealing with many threats at once, making it easier to combat against, and manage.