...
NIST 800-30: Risk Management Guide for Information Technology Systems defines risk as a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. The threat and vulnerability identification process that follows is based on NIST 800-30.
Users and functionality
The trawl fleet (whiting) is most technology sophisticated.
Fish tickets are reported by processors, but some are "white van fleet".
...