This ETSI Technical Report (ETR) provides guidance and support for a comprehensive analysis of threats, vulnerabilities, risks and for the compilation of a specific set of security requirements. It is the intention to provide the user of this ETR with a comprehensive understanding and methodology regarding threats, vulnerabilities, risks and security requirements. The security architecture of a particular system is always unique and the threats and security requirements are very specific to that system. The contents of this paper provide guidelines and checklists rather than specifying in too much detail in order to facilitate the application by the user. This ETR should enable TCs to start their security work from scratch, to take advantage of the experience from other TCs Security Experts Groups (SEGs) or to adapt solutions that have already been devised. STCs seeking advice on threat analysis and security requirements capture should ask STAG for support.