Identify threats to the security scope and their business impacts on confidentiality, integrity, and availability of enterprise IT systems and data

 Consider the threats in terms of most likely and most dangerous so that the most important threats are considered