The IT Law Wiki


A threat analysis is

[a] process in which information about a threat or potential threat is subjected to systematic and thorough examination in order to identify significant facts and derive conclusions.[1]
[t]he examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.[2]
[a]n analysis of the probability of occurrences and consequences of damaging events to an ADP facility.[3]
[a]n analysis of the threat actions that might affect a system, primarily emphasizing their probability of occurrence but also considering their resulting threat consequences.[4]
[a]n evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets.[5]

A threat analysis is "[t]he detailed evaluation of the characteristics of individual threats."[6]


"The threat analysis usually defines the level of threat and the likelihood of it materializing."[7]


  1. DOE Manual 470.4-7, at 60.
  2. NIST Special Publication 800-27A, at A-4.
  3. NIST, FIPS 31.
  4. Internet Security Glossary, at 306.
  5. ISACA, Cybersecurity Fundamentals Glossary 31 (full-text).
  6. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  7. ISACA, Cybersecurity Fundamentals Glossary (full-text).
