Asset: What needs to be protected
Threat: What the device/user need to be protected from
Vulnerability: Weakness or gap in the protection mechanism
Reduce Vulnerabilities
- deactivate unused interface ports
- deactivate debug port
- hardware based protections
- adopting security by design