T &V & C => Risk

• What is the threat profile?

• What does the threats do?

• What is vulnerable re: that threat profile?

• How dependent on vulnerable systems?

• What is the consequence of exploitation?

• Can the harm be mitigated in other ways?

• How can we do these things?

• What fits the way we work?

Notes: