Assessment: Actors

[eddie-knight]

Actors
This section is nested beneath Overview, at the same level as Background. Your content here will vary in length depending on the complexity of your system.

In this situation, Actors are not equivalent to Threat Actors. Instead of looking at the human element (actors using different parts of the system), this is looking at functional elements that are able to act upon each other.

“These are the individual parts of your system that interact to provide the desired functionality. Actors only need to be separate if they are isolated in some way. For example, if a service has a database and a front-end API, but a vulnerability in either one would compromise the other, then the distinction between the database and front-end is not relevant.

The means by which actors are isolated should also be described, as this is often what prevents an attacker from moving laterally after a compromise.” - TAG Security

Simply put: Write down any moving parts that are functionally independent.

### Actors

1. The core executable, [Privateer](htt‌ps://github.com/privateerproj/privateer), serves to initialize all plugins. This process will continue running concurrently while sequentially initializing Raids as secondary processes.
2. Raid plugins, built in the style of the [raid wireframe](ht‌tps://github.com/privateerproj/privateer-raid-wireframe), are executed independently of the core process and are fully unaware of other Raid processes.