One way to identify the entities is to start by answering the following four questions, which will help us understand the needs of the system in the context of security:
- Which applications need to be protected?
- Who are we protecting the applications from?
- Where should we protect them?
- Why are we protecting them?
Once we better understand these requirements, we can establish the security goals of our digital system.