| Threat | Description |
| Spoofing Identity | An attacker poses as an authorized user by taking or faking an identity of another person. |
| Tampering with Data | An attacker modifies some information in the system by changing a data item. |
| Repudiation | An attacker deletes a transaction to cover up and deny his intrusion into the system. |
| Information Disclosure | Personal user data is stolen and sold to a competitor with an intent to make profit. |
| Denial of Service (DoS) | An attacker exhausts network resources to make it inaccessible to its intended users. |
| Elevation of Privilege (EoP) | An attacker, instead of spoofing identity, just elevates his own security level to an administrator. |