Analyze the threats to understand the attack sequences that attackers would follow

 Assess security controls that log, detect, or block those attack sequences in terms of their ability to reduce the probability or the impact of the attack occurring

 If possible, investigate security control logs to see if attacks have occurred or are occurring and may be escaping detection