A branching, hierarchical data structure that represents a set of potential approaches to achieving an event in which system security is penetrated or compromised in a specified way.
Sources:
CNSSI 4009-2015
from
IETF RFC 4949 Ver 2