***
Skip to content

Identify (Cybersecurity Understanding)

Cybersecurity Contexts Detect (Cybersecurity Monitoring) Govern (Cybersecurity Governance) Identify (Cybersecurity Understanding) Attack Surface Management Data Classification & Criticality Threat Modeling & Scenario Mapping Vulnerability Management Protect (Cybersecurity Controls) Recover (Cybersecurity Recovery) Respond (Cybersecurity Incident Response) Dependency & Relationship Mapping Technology Estate Inventory
Cybersecurity Contexts Detect (Cybersecurity Monitoring) Govern (Cybersecurity Governance) Identify (Cybersecurity Understanding) Attack Surface Management Data Classification & Criticality Threat Modeling & Scenario Mapping Vulnerability Management Protect (Cybersecurity Controls) Recover (Cybersecurity Recovery) Respond (Cybersecurity Incident Response) Dependency & Relationship Mapping Technology Estate Inventory
New to this diagram? Learn about the method: Use Case Tree · Use Case · Outcome

Identify focuses on understanding what the organization has, what matters most, and where the main exposures are, so security priorities and investments can be set based on business criticality.

Identification reduces wasted effort by ensuring security work targets the assets, services, and data that matter most to the business.

Outcomes

  • Clear understanding of critical services, owners, and dependencies
  • Prioritized remediation based on business impact
  • Improved visibility of exposures (attack surface, vulnerabilities)
  • Shared language for threat scenarios and risk discussions

What this includes

  • Attack surface management (internal and external)
  • Vulnerability management (discovery, prioritization, tracking)
  • Data classification and criticality
  • Threat modeling and scenario mapping