Threat Identification
After identifying and performing a primary classification of an organization’s information assets, the analysis phase moves onto an examination of threats facing organization. The realistic threats are required to be investigated further while the unimportant threats are set aside.
Examination of identify, prioritize threats and threat agents is called as threat assessment. Each thread can be addressed based on following few questions.
• Which threats present danger to assets?
• Which threats represent the danger to information?
• How much would it cost to recover from the attack?
• Which threat needs greatest expenditure to prevent?