What?
It’s a way of identifying and evaluating threats to a specific system or application. There’s a lot you should consider:
- Adversary:
- Who are we protecting against? Often terrorists, script kiddie but also the users themselves. What would they be trying to do?
- Assets:
- What’re we protecting? Knowledge, gold bars, passwords etc.
- Threats:
- Hacking, etc.