Threat is something against which assets are being protected. It can accidentally or intentionally damage or permanently destroy an asset. Threat si any event that may cause loss, unavailability or damage to an asset.
Basic principles in threats identification
- focus on assets, every asset facing some specific threats
- focus on the processes of assigning, changing and removing rights from employees
Steps for identifying threats
- Carefully analyze each asset and identify and assign potential vulnerabilities to it
- Identify vulnerabilities to each asset
- List these and create a link to the relevant asset
- Keep all information in the relevant catalog of vulnerabilities