I have previously written about categorizing attackers based on their levels of skill and focus. I have also written about categorizing security measures to defeat attackers with a given level of skill or focus. Both of these posts tie in closely with (and were early attempts at) a topic that I want to explore more fully in coming months: threat modeling.
