Dave & Michael,
In the DoD environment, a threat analysis for a system identifies the
classes of adversaries that the author believes are of concern, and
describes their capabilities and motivations. Russ's three questions
are a concise way of stating this:
- The "bad actors" are adversaries.
- Their capabilities allude to where the adversaries "fit
into the system" and what sorts of attacks they may employ of effect
their goals.
- Their motivations indicate what they are trying to do, the
flip side of "what are we trying to prevent them from doing."
The term is often used more broadly in the commercial world today,
encompassing activities that might be better termed "threat
assessment" "risk analysis" etc.
Steve
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf