Skill Level
How technically skilled is this group of threat agents?

Motivation Level
How motivated is this group of threat agents to find and exploit this vulnerability?

Opportunity
What resources and opportunity are required for this group of threat agents to find and exploit this vulnerability?

Size
How large is this group of threat agents?

Ease of Discovery
How easy is it for this group of threat agents to discover this vulnerability?

Ease of Exploit
How easy is it for this group of threat agents to actually exploit this vulnerability?

Awareness
How well known is this vulnerability to this group of threat agents?

Intrusion Detection
How likely is an exploit to be detected?

Loss of Confidentiality
How much data could be disclosed and how sensitive is it?

Loss of Integrity
How much data could be corrupted and how damaged is it?

Loss of Availability
How much service could be lost and how vital is it?

Loss of Accountability
Are the threat agents' actions traceable to an individual?

Financial Damage
How much financial damage will result from an exploit?

Reputation Damage
Would an exploit result in reputation damage that would harm the business?

Non-Compliance
How much exposure does non-compliance introduce?

Privacy Violation
How much personally identifiable information could be disclosed?