In identifying threat sources, range of effects is considered for which type of threats?

Considering threat sources without an attacker’s intent makes the most sense when you’re looking at the range of possible consequences. Non-adversarial threats—like natural events or accidental failures—don’t come with a deliberate plan to maximize damage. Their impact can vary widely depending on the scenario, system resilience, and preparedness, so you assess a spectrum of effects from minor disruptions to severe outages. This helps you understand how different, unintentional events could affect operations and where safeguards should be strongest. Adversarial threats, by contrast, center on an actor’s intent, capability, and methods, since a deliberate attacker can choose different attack vectors to achieve particular outcomes. Internal versus external threats describe where a threat originates, but the variability of impact tied to unplanned events is most directly captured by non-adversarial threats.