ABSTRACT
Many of the people reading this book will be acquainted with the concepts of threats, vulnerabilities, and risks, and how they relate to each other. However, to be sure that we are all speaking the same language, a review is in order. reats are either human based or natural in origin. A threat agent is the actor or active force that generates a speci¤c threat; it could be organized crime or mother nature. Understanding threat agents facing you and your assets is distinct from merely understanding the threat, and enables better mitigation strategies. Understanding the source of threats and the assets they are directing their eorts against is a form of “intelligence” in the cloak and dagger sense of the word. Many organizations have limited visibility or intelligence about threats generally, and therefore little insight into the threat agents, their motives and methods, and the types of assets they may target. Without such information, treating threats becomes uncomfortably close to guesswork.
