The threat landscape is the comprehensive picture of all current and potential threats facing an organization. It encompasses attack types, threat actors, their motivations, and the techniques they employ.
ISO 27001 Clause 6.1.2 (Risk Identification) assumes that you know the threats relevant to your organization. The threat landscape changes continuously — new attack techniques, geopolitical developments, and technological trends shift the balance. Sources for situational awareness include BSI situation reports, ENISA Threat Landscape Reports, sector-specific CERTs, and threat intelligence feeds. In your ISMS, the threat landscape should be reviewed at least annually — or when significant changes occur — and factored into the risk analysis.