Vulnerability Identification
Specific avenues that threat agents can exploit to attack an information asset are known as vulnerabilities. Examine how each threat can be generated, and list the organization's assets and their vulnerabilities. The process works best when people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions.
At the end of the risk identification process, a list of assets and their vulnerabilities is obtained.