| ISSRM domain model | KAOS extended to security | ||
| Synonyms in [21] | Language concept (modeling construct) | ||
| Asset-related concepts | Asset | Asset | Goal, Requirement, Expectation, Operation, Object |
| Business asset | |||
| IS asset | |||
| Security criteria | Security Goal | Goal | |
| Risk-related concepts | Risk | / | / |
| Impact | / | / | |
| Event | Threat Obstacle; anti-goal | Goal, Requirement, Expectation (in anti-model) | |
| Threat | |||
| Vulnerability | Vulnerability, domain property | Domain property | |
| Threat agent | Attackers, malicious agent, anti-agent | Agent | |
| Attack method | Potential capabilities of the attacker | Operationalisation + Domain and required conditions + Operations | |
| Risk treatment -related concepts | Risk treatment | Countermeasures | / |
| Security requirements | Security goal, security requirement, security expectation | Goal, Requirement, Expectation | |
| Control | / | New model implementing security components. | |