The process of identifying, prioritizing, and defining countermeasures for potential threats. In the context of IT, these threats would be posed to a computer network. Countermeasures would be aimed at preventing and mitigating those threats. Vulnerabilities are identified from an attacker’s point of view, with the goal of providing defenders with a systematic analysis of a probable attacker’s profile, likely attack vectors, and the high-value assets likely to be targeted by an attacker.