You’ve reviewed the list of vulnerable assets, and in this step, you will docume

You’ve reviewed the list of vulnerable assets, and in this step, you will document threats. Recall that a threat is any event, action, or factor that has the potential to cause damage to the enterprise. Threats can come from a variety of sources, including people (a hacker stealing employee passwords) and natural events (a power blackout causing data loss).
Use the Internal and External Threats Template to add all threats and vulnerabilities—internal and external to the enterprise—and tie them to the itemized assets that will be affected. Note that external threats will include a comprehensive review by device type at network access, both direct and indirect, a view of the social media landscape as a threat.