In Operational analysis layer, i have a difficulty to catch the issue of entities with a bad influence on my system. The good exemple the thief. How can i define an operational capabilitie with this type of entity ?
From Arcadia method point of view, I would suggest first to separate
defining the thief behaviour, the assets that he is likely to steal, etc
and if needed in OA, specifying the way the organisation that you model would react or protect against thefts.
Usually, assets that the thief can steal are involved in operational interactions, either when transmitted from an actor to another, or when performing activities such as ‘store’, ‘retrieve’, etc., these assets.
The assets themselves can be described and characterised in the data model; the involved activities and interactions should then be characterised by the kind of goods (exchange items related to the former assets), and qualified as ‘to be protected’, for example (e.g. with a property value). The thief activities would also mention the same characterisation, or a link towards the activities and interactions to be protected.
If the thief tries to usurp the identity of one actor, then he will be source and destination of the same kind of interactions these actors would use to access the assets. If he uses other means, he will have specific action means and interactions.
Would this fit your need?