An organization has recently suffered a series of security breaches that have significantly damaged its reputation. Several successful attacks have resulted in compromised customer database files accessible via one of the company's web servers. Additionally, an employee had access to secret data from previous job assignments. This employee made copies of the data and sold it to competitors. The organization has hired a security consultant to help them reduce their risk from future attacks.
What would the consultant use to identify potential attackers?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Access review and audit

The consultant will use Threat modeling to identify potential attackers. Threat modeling is a procedure for optimizing network security by recognizing purposes and vulnerabilities, and then setting countermeasures to block, or alleviate the consequences of, threats to the system so that in future the organization would prevent these type of attacks which affect the reputation in the competitive market as well as among the customer.