1.2 Identify potential vulnerabilities to people, processes and assets