or a software that can be exploited. Threat A threat is anything that could exploit a vulnerability Risk Risk is the probability of a negative event occurring Sensative info Usernames, passwords, secret keys, secrets, config files, Service Entities IT Infrastucture Services provided by Cloud Service provider. Attacker, Victim, Organization, Service Provider Servers, Storage and Networking Capabilities Event, Incident, Security Incident Potential events which breaks CIA Triad