Threats are analyzed and cybersecurity risks evaluated Cybersecurity risk treatment options are determined Cybersecurity goals are defined for risk reduction and avoidance Traceability is established between the cybersecurity goals and the threat scenarios
