Threat Analysis

• Identify threats to desktop, server, and network via a structured methodology

• Rank those threats on a high/medium/low scale as to likelihood of occurrence and the likely harm if the threat occurred.

Desktop example (7 potential threats in all):

THREAT A-1: Unauthorized access to someone's desktop resulting in disclosure of sensitive data that has been stored on the desktop.

Server example (15 potential threats in all):

THREAT B-7: Someone who has access to the system as part of their job responsibilities uses that access to destroy data or programs.

Network example (8 potential threats in all):

THREAT C-3: Someone uses a packet sniffing tool to capture accounts and passwords to gain access to host systems containing sensitive medical data.