Threats¶
Threats describe what can cause harm to assets.
Definition¶
A threat is a potential actor, event, or condition that can negatively affect confidentiality, integrity, availability, safety, privacy, trust, or business continuity.
Common threat families¶
| Threat family | Examples |
|---|---|
| Social | Phishing, impersonation, fraud |
| Credential | Password guessing, token theft, session misuse |
| Malware | Ransomware, spyware, destructive code |
| Insider | Misuse, error, unauthorized access |
| Supply chain | Vendor compromise, dependency compromise |
| Availability | Outage, overload, service disruption |
| Physical | Theft, facility issue, device loss |
| Environmental | Fire, flood, power loss |
Threat page pattern¶
A threat article should answer:
- What assets does this threat target?
- What weaknesses make it more likely?
- What safeguards reduce it?
- What evidence shows readiness?
- What leadership decisions are required?