Any potential danger to an asset.

Threats can be intentional or accidental. They cause damage, destruction, altercation, loss or disclosure of an asset.

Typical Threat Actors:

• Script kiddies
• Organization crime groups
• State sponsors and governments
• Hacktivists
• Terrorist groups

Threat intelligence

Is the knowledge about an existing or emerging threat to an asset.

Threat event

Accidental or/and intentional exploitation of vulnerabilities.

Examples: Start of a hacking attack, human error, power outage, flood, fire, earthquake, etc.

Threat Categorization Scheme

STRIDE

Spoofing (Anti Authenticity)

An attack using a falsified identity.

Tampering (Anti Integrity)

Unauthorized changes or manipulation of data that is in transit or in storage.

Repudiation (Non-repudiation)