This deals with identifying the adversaries (internal or external), their intent, and their capability to use the information against an organization. Once we identify the threats, we then can study their Techniques, Tactics, and Procedures (TTPs) and start prioritizing how we can monitor for these specific activities.