Threat analysis is the process of determining the
likelihood of harmful things occurring to your assets – who will do what to
what systems. This information, coupled with value of each of your systems,
forms the basis for making sound security decisions.
A threat is an indication of an impending event that is
harmful.[1] Something that is impending and harmful to one entity may not be to
another. A 6.0 magnitude earthquake is
harmful. Whether an earthquake is
impending or not is dependent on location.
According to the U.S. Geological Survey there is a 90% probability of a
6.0 or greater magnitude earthquake occurring in the San Francisco Bay region
before 2037. There is a 0% probability of a similar magnitude earthquake
occurring in Bismarck, North Dakota, during the same period. Earthquakes are a threat to those who live in
San Francisco. Earthquakes are not a threat to those who live in Bismarck.
Interestingly, with all the recent hydraulic fracturing in North Dakota, the
USGS may have to reassess their Bismarck earthquake assessment.