Assesses potential threats and vulnerabilities to a system and identifies measures to mitigate these risks.