A technique for identifying and assessing potential security threats to an organization's information systems and data.