The IT Law Wiki


Computer security[]

A threat assessment is the

[p]rocess of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.[1]


A threat assessment is

a strategic document that looks at a group’s propensity for violence or criminality or the possible occurrence of a criminal activity in a certain time or place."[2]


A threat assessment is

[a]n assessment of a criminal or terrorist presence within a jurisdiction integrated with an assessment of potential targets of that presence and a statement of probability that the criminal or terrorist will commit an unlawful act. The assessment focuses on the criminal’s or terrorist’s opportunity, capability, and willingness to fulfill the threat.[3]
[a] product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.[4]
[a] judgment, based on available intelligence, law enforcement, and open source information, of the actual or potential threat to one or more Departmental facilities/programs.[5]
[a]n evaluation of the intelligence collection threat to a program activity, system, or operation.[6]


  1. CNSSI 4009.
  2. U.S. Department of Justice, National Criminal Intelligence Sharing Plan 42 (Oct. 2003).
  3. U.S. Department of Justice, Minimum Criminal Intelligence Training Standards for Law Enforcement and Other Criminal Justice Agencies in the United States 47 (Ver. 2) (Oct. 2007) (full-text).
  4. DHS Risk Lexicon, at 37.
  5. DOE Manual 470.4-7, at 60.
  6. Glossary of Security Terms, Definitions, and Acronyms, at 246.