Analysis of threats and risks should include
differentiating between a threat and a risk
identifying internal and external threats and risks
prioritizing various threats and risks
reporting threats and risks.