====== Threat Vector (Attack Vector) ======
The method an attacker uses to get access to the system

Common methods: email, SMS, [[phishing]] 

embedded malware, e.g. javascript within an SVG image or within compressed zip file 

vishing - voice phishing, calling 

war dialing - looking for unpublished numbers 

bluetooth is a vector 

Hardware Addition Attack - plugging a physical device into a machine on the network and gaining access 
  * 802.1x (port based network access control) is important for protecting wireless networks to prevent this

Supply Chain - a third party vendor may have access to your systems temporarily 
  * happened to Target in 2013, hackers used the HVAC contractor's network to gain access to the payment/credit card system 
  * Counterfeit hardware may be an exampe of this, e.g., if some component is installed by a malicious party they may have access to the device communications