Toriel is an IT security consultant, specializing in social engineering and external penetration tests. Toriel has been hired on by Goat Defender Inc., a subcontractor for the US Department of Defense. Toriel has been given authority to perform any and all tests necessary to audit the company's network security. No employees for the company, other than the IT director, know about Toriel's work she will be doing. Toriel's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Toriel is able to gain her trust and they become friends. One day, Toriel steals the employee's access badge and uses it to gain unauthorized access to the Goat Defender Inc. offices. What type of threat would Toriel be considered?

Toriel is an IT security consultant, specializing in social engineering and external penetration tests. Toriel has been hired on by Goat Defender Inc., a subcontractor for the US Department of Defense. Toriel has been given authority to perform any and all tests necessary to audit the company's network security.

No employees for the company, other than the IT director, know about Toriel's work she will be doing. Toriel's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Toriel is able to gain her trust and they become friends. One day, Toriel steals the employee's access badge and uses it to gain unauthorized access to the Goat Defender Inc. offices.

What type of threat would Toriel be considered?

She would be considered an Insider Affiliate

Because she does not have any legal access herself, Toriel would be considered an Outside Affiliate

Since Toriel obtained access with a legitimate company badge; she would be considered a Pure Insider

Toriel is an Insider Associate since she has befriended an actual employee

Explanation

An insider affiliate is a spouse, child, friend or client of an employee who uses an employee’s credentials to gain access. This can be as simple as a client coming to visit an employee and obtaining a badge that gives that person access to the facility. If the person goes to use the rest room and on the way wanders around looking at what is on people’s desks or computers, he/she could glean some sensitive information. << please provide clarification how this is not an outsider? The method used was to become an insider affiliate but the overall attack was initially that of an outsider.