Threat analysis is a process by which potential threats to safety, data protection, operations, finances etc. are identified, quantified and prioritized. The purpose of modeling threats is to provide defenders with a systematic analysis of the most likely attack scenarios on an organization’s assets. Potential threats may be ranked by determining an associated risk level that combines the probability of an attack with the severity of the consequences resulting from a successful attack.
Threat analyses are often performed in conjunction with attack tree and mitigation tree analysis. The threat analysis identifies critical threats and attack trees may be used to analyze these threats in more detail. Mitigation trees may then be used to further define the consequence of these threats taking into account various mitigation measures.