A method, system and computer program product are disclosed that provide
timely, accurate and summarized information about possible threats to
information technology environments. The disclosed tool looks at multiple
aspects of an IT threat, including both specific (traditional) IT threats
and general (non-traditional) IT threats, and rates each threat's overall
potential to do harm. A matrix is created that identifies a "threat
score" to allow prioritization of, and reaction to, the threats. The matrix
takes both traditional IT threats and non-traditional IT threats and
normalizes them on the same scale, giving users of the matrix the ability
to understand the risks of both.