The threat statement, or the list of potential threat-sources, should be tailored to the individual organization and its processing environment (., end-user computing habits). In general, information on natural threats (., floods, earthquakes, storms) should be readily available. Known threats have been identified by many government and private sector organizations. Intrusion detection tools also are becoming more prevalent, and government and industry organizations continually collect data on security events, thereby improving the ability to realistically assess threats