A Threat is any potential cause of an unwanted incident that could result in harm to a system, organization, or individual. Threats can be natural (earthquakes, floods), human (hackers, disgruntled employees), or environmental (power failures, HVAC malfunctions).
Threat actors range from nation-states with sophisticated capabilities to script kiddies using automated tools. Understanding threat motivation—financial gain, espionage, hacktivism, or revenge—helps prioritize defenses and anticipate attack methods.
CISSP Relevance
Threats are analyzed throughout CISSP domains, particularly in Domain 1 (Security and Risk Management) for risk assessment and Domain 7 (Security Operations) for threat intelligence. The exam requires understanding how threats combine with vulnerabilities to create risk, and how threat modeling informs security architecture decisions.
CISA maintains current threat information at Cyber Threats and Advisories.
Related terms: Vulnerability, Risk Management