A threat profile for the function is established that includes threat objectives and additional threat characteristics (for example, threat actor types, motives, capabilities, and targets).
Context and Guidance: The threat profile can be built from information about threats from reliable sources, both internal (such as results of threat assessments) and external (such as E-ISAC, CISA Central, and government briefings). The threat profile can be used to guide the identification and description of specific threats and can be used as input in the risk analysis process described in the Risk Management domain and in situational awareness activities described in the Situational Awareness domain. A threat profile may also help to guide identification of assets within the function that may be leveraged to achieve a threat objective as described in the Asset, Change, and Configuration Management domain. Development of a threat profile could occur prior to completion of a self-evaluation or following the completion of a self-evaluation as an activity identified as part of gap analysis and remediation.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THREAT-2c, THREAT-2e, THREAT-2i.