Analyze the threats to understand the attack sequences that attackers would follow
Assess security controls that log, detect, or block those attack sequences in terms of their ability to reduce the probability or the impact of the attack occurring
If possible, investigate security control logs to see if attacks have occurred or are occurring and may be escaping detection