• A potential danger to information or a system
• An example: the ability to gain unauthorized access to systems or
information in order to commit fraud, network intrusion, industrial
espionage, identity theft, or simply to disrupt the system or network
• There may be weaknesses that greatly increase the likelihood of a
threat manifesting
• Threats may include equipment failure,
structured attacks, natural disasters,
physical attacks, theft, viruses and
many other potential events causing
danger or damage