Help

let's start by each identifying one of the following:

1.  Asset identification:  Identify what might be a personal or business asset (think of something you have at home that you would like to protect, or something that your company has that needs protection).

2.  Attacker/threat identification:  Who are the likely attackers to that asset? What other threats are there that can negatively impact that asset?  Remember that an attacker is always a person with intent, and is only one type of threat - we also have natural disasters, accidents, etc. that are not "attacks" as they don't have malicious intent behind them.

3. Impact:  Identify the impact if the attack or threat was "actualized" (happened). Would there be a monetary loss? Loss of confidence (in the event of a business breach)? Fine (in the event of a loss of PII or PHI)?

4.  Remediation:  Research and recommend a security control (i.e. firewall, lock on a door, etc.) that can remediate (prevent, detect, correct, etc.) the attack or threat.