**5.2 Threat model**

In this phase, the threat associated with different IT entities is modeled using the vulnerability and exposure of the entities as follows.
