1. Assets
1.1. Organizational
1.1.1. Threats
1.1.1.1. Embarrassment through website defacement
1.1.1.2. Cyber-squatters
1.1.1.3. Information leaks
1.1.1.3.1. Governamental
1.1.1.3.2. Corporations
1.1.1.4. Terrorism
1.1.2. Vulnerabilities
1.1.2.1. Information
1.1.2.2. Vulnerabilities in ICT
1.1.3. Controls
1.1.3.1. Technical
1.1.3.1.1. Firewall, IDP, IPS
1.1.3.2. Organizational
1.1.3.2.1. Policies
1.1.3.2.2. Awareness
1.1.3.3. Management
1.1.3.3.1. Insurance
1.1.3.3.2. SLAs
1.1.3.3.3. Supply chain management
1.1.4. Physical
1.1.4.1. Facilities
1.1.4.2. People
1.1.4.2.1. Human
1.1.5. Virtual
1.1.5.1. People
1.1.5.1.1. Identity
1.1.5.1.2. Personal data
1.1.5.1.3. Virtual currency
1.1.5.2. Information
1.1.5.2.1. Services
1.1.5.2.2. Business processes
1.1.5.2.3. Financial information
1.1.5.2.4. Intellectual Property
1.1.5.2.5. Domain, website, software
1.1.5.3. Facilities
1.1.5.3.1. CII
1.1.5.3.2. Electricity
1.1.5.4. Technology
1.1.5.4.1. Data hosting
1.1.5.4.2. Cloud services
1.1.5.5. Stakeholders
1.1.5.5.1. Interests
1.1.5.5.2. Dependencies
1.1.5.5.3. Supply chains
1.2. Personal
1.2.1. Threats
1.2.1.1. Leakage or theft of personal information
1.2.1.2. Zombie or bot
1.2.1.3. Fraud
1.2.1.4. Bullying
1.2.2. Vulnerabilities
1.2.2.1. Information
1.2.2.2. Vulnerabilities in ICT
1.2.3. Controls
1.2.3.1. Technical
1.2.3.1.1. Firewall
1.2.3.1.2. Antivirus
1.2.3.2. Organizational
1.2.3.2.1. Awareness
1.2.3.2.2. ISPs
1.2.4. Physical
1.2.4.1. People
1.2.4.1.1. Human
1.2.4.2. Facilities
1.2.4.2.1. Home
1.2.4.3. Technology
1.2.4.3.1. Devices
1.2.5. Virtual
1.2.5.1. Online identity
1.2.5.1.1. Avatars
1.2.5.2. Online credit information
1.2.5.3. References in virtual worlds
1.2.5.4. Virtual currency
2. Threat agents
2.1. Motives
2.1.1. Religious
2.1.2. Political
2.1.3. Economical
2.2. Capabilities
2.2.1. Knowledge
2.2.2. Funding
2.2.3. Size
2.3. Intentions
2.3.1. Fun
2.3.2. Crime
2.3.3. Espionage
3. 7.Stakeholders
3.1. 7.3. Providers
3.1.1. Service Providers (Internet, Application)
3.1.2. Suppliers
3.1.3. CII
3.1.4. Organizations
3.1.4.1. Private
3.1.4.2. Public
3.2. 7.2. Consumers
3.2.1. Individuals
3.2.1.1. Customers
3.2.2. Organisations
3.2.2.1. Private
3.2.2.1.1. Employees
3.2.2.2. Public
3.2.2.2.1. Employees