Secure Controls Framework
Download The SCF

Threat Management (THR)

Domain Principle

Proactively identify, assess and manage threats to Technology Assets, Applications, Services and Data (TAASD) and business processes to inform risk decisions and corrective actions.

Domain Intent

Organizations establish threat intelligence-informed capabilities to identify, assess, prioritize and manage technology-related and business-process threats to TAASD and determine appropriate risk responses.

Domain Guide

Threat management is the practice of understanding what adversaries are trying to do before they succeed, informing risk decisions and corrective actions based on that understanding. The THR domain governs how organizations build and maintain threat intelligence capabilities, identify relevant threats to their TAASD and business processes and determine appropriate risk responses.

 

The SCF's intent for THR emphasizes threat intelligence-informed capabilities. That framing matters. Threat management without current intelligence produces generic risk assessments that don't reflect the threat landscape the organization actually faces. An organization in critical infrastructure has different threat actors targeting it than a retail company; both need threat intelligence relevant to their actual exposure.

 

THR is distinct from Incident Response (IRO) because THR is prospective and IRO is reactive. Threat management informs what threats to prioritize and what controls to implement before incidents occur. IRO handles what happens when a threat becomes an incident. The two functions share information and threat intelligence from past incidents should feed threat management, but they address different timeframes and require different capabilities.