Identify critical information → This step identifies the information that must be protected and why it needs to be protected.
Analyze threats → Identifies who the unauthorized recipient is, the intentions of the unauthorized recipient, and the unauthorized recipient's capabilities.
Apply countermeasures → Identifies the actions that need to be taken to protect critical information.
Assess risks → Identifies the impact to the mission if the unauthorized recipient exploits a vulnerability and the overall impact of the unauthorized recipient learning our critical information.
Analyze vulnerabilities → Identifies the weaknesses the unauthorized recipient can exploit to uncover critical information.