Threat analysis is the process of determining the likelihood of harmful things occurring to your assets – who will do what to what systems. This information, coupled with value of each of your systems, forms the basis for making sound security decisions.
A threat is an indication of an impending event that is harmful. Something that is impending and harmful to one entity may not be to another. A 6.0 magnitude earthquake is harmful. Whether an earthquake is impending or not is dependent on location. According to the U.S. Geological Survey there is a 90% probability of a 6.0 or greater magnitude earthquake occurring in the San Francisco Bay region before 2037. There is a 0% probability of a similar magnitude earthquake occurring in Bismarck, North Dakota, during the same period. Earthquakes are a threat to those who live in San Francisco. Earthquakes are not a threat to those who live in Bismarck. Interestingly, with all the recent hydraulic fracturing in North Dakota, the USGS may have to reassess their Bismarck earthquake assessment.