ELI5: What is Threat Assessment?
Who might try to break in, and how skilled are they? A threat assessment is like figuring out whether you need to worry about a house cat or a bear — it identifies the bad guys, what they can do, and how likely they are to target you.
Definition
Threat assessment is the process of identifying, analyzing, and evaluating potential threat sources — both internal and external — and their capabilities, motivations, and likelihood of targeting the organization. Threat sources include nation-state actors, organized cybercriminal groups, hacktivists, insider threats, and natural hazards. Understanding the threat landscape enables organizations to prioritize defensive investments against the most likely and impactful threats.
Key Details
- Threat actors are characterized by capability (sophistication), intent (motivation), and opportunity (access to the organization)
- Sources of threat intelligence: OSINT, industry ISACs, government alerts (CISA), commercial threat feeds, and dark web monitoring
- Threat assessments consider both technical threats (exploits, malware) and non-technical threats (social engineering, physical intrusion)
- Threat modeling frameworks (STRIDE, MITRE ATT&CK) provide structured approaches to identifying applicable threat scenarios
- Exam tip: threat assessment feeds into risk identification; understanding threat actors and their TTPs (Tactics, Techniques, and Procedures) is foundational to risk management
Connections
- Parent: risk-assessment — threat assessment is a core component of the risk assessment process
- See also: risk-identification
- See also: vulnerability-assessment