### Definition >[!quote] A potential cause of an unwanted incident, which may result in harm to a system or organisation >\- ([[ISO 27000]]) >[!quote] A source of potential disruption that has the potential to cause a [[risk]] >\- Taylor et al A threat is an event that might cause a harmful consequence. Naturally, in a combative competition, one party's threat is another's opportunity. There are therefore very few universal threats. One model for identifying threats is [[STRIDE]] Threats may arise from nature or from human action; and they may be accidental or deliberate. Their source might be within or without the organisation. ## Categorisation A threat might prevent access to an asset, or enable [[authorisation|unauthorised]] access to an [[asset]]. Threats may be: - physical - failure - hacking/abuse - legal/contractual - accident/disaster