This chapter presents Step 3 of the CORAS method, the main objective of which is to ensure a common understanding of the target of analysis, including its focus, scope and main assets. The analysis team presents its understanding of what they learned at the first meeting and from studying documentation that has been made available to them by the customer. The target models presented by the analysis team are corrected and amended. Based on interaction with the customer, the analysis team will also identify the main assets to be protected. The analysis team furthermore conducts a rough, high-level analysis to identify major threat scenarios, vulnerabilities and enterprise level risks that should be investigated further. The outcome of Step 3 is a refined and more detailed understanding of the target description and the objectives of the analysis, which at this point are documented by the analysts.