To further elaborate on the applicability of the metamodel we’ll describe a scenario where real world data can be used to instantiate the model and where the model offers substantial support to managerial tasks in information security. Based on the discussion in the prior section we’ve adapted the ISO 27001 metamodel to match our requirements for the scenario of vulnerability identification. Figure 5 shows the adapted security metamodel.