One way to identify the entities is to start by answering the following four questions, which will help us understand the needs of the system in the context of security:

• Which applications need to be protected?
• Who are we protecting the applications from?
• Where should we protect them?
• Why are we protecting them?

Once we better understand these requirements, we can establish the security goals of our digital system.