At this stage, the system is analyzed for potential cybersecurity threats. This involves identifying Misuse Cases (how the system could be intentionally misused), constructing a Pre-Threat Scenario Table to list possible threats, defining Attack Paths from an IBD that an attacker might exploit, and documenting known Vulnerabilities. Based on this information, initial requirements are added to guide future mitigation, and potential threat sources are identified and will later lead to a POST-Threat Scenario Table.
To learn more, refer to the following pages: