Generate a list of bad actors for the use case. Describe whom you identified as a threat and what his or her motive might be.
Identify any weaknesses you see in the proposed software design, in terms of quality or security.
Generate a list of threats/attacks that might be used against the current use case. (See page 123 in the text, the SANS Top 20 list, and other online references for additional help in identifying attacks.)
Describe the possible impact(s) of each threat in your list.
Order your list of threats from greatest impact to least.
Choose one of the threats from your list and create a misuse case describing the possible actor(s), the actor’s possible motivations, the vulnerability/weakness targeted, possible threat(s), possible impact(s) of the threat, and ways in which the threat could be executed. Attempt to describe any possible remediation or countermeasures that could be applied to the use case to counter the threat.
