STEP 2 - Understanding Threats and Vulnerabilities

Now that we have drawn a 'Security Perimeter' around our Assets, we need to understand Risks, Threats and Vulnerabilities.

4 Key terms to learn

Asset People, property, and information.  People include employees  customers, contractors and guests.  Property consists of both tangible and intangible items that have a value.  Intangible assets include reputation and proprietary information.  Information may include databases, software code, and critical company documents.
                                                       An asset is what we’re trying to protect.

Threat Anything that has the potential to exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
                                               A threat is what we’re trying to protect against.

Vulnerability Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
                                 A vulnerability is a weakness or gap in our protection efforts.

Risk The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
                               Risk is the intersection of assets, threats, and vulnerabilities.

Most common
THREATS

  • Email Phishing
  • Viruses
  • Drive-by Downloads
  • User errors (accidental deletion)
  • Untrained Staff
  • Social Engineering
  • Malware
  • Former employees
  • Employees who have unrestricted access

Newest Threats
for 2018

  • Ransomware
  • CryptoMining
  • Highly targeted Phishing attacks
  • Data Breaches
  • Sophisticated CyberAtacks
  • CaaS  (Crime as a Service)

Most Common Vulnerabilities

  • Un-patched systems
  • Lack of monitoring
  • Un-trained Staff
  • No Policies
  • Unprotected systems
  • Open Ports

Now you are ready to move to Step 2 - Business Impact - you will need about 15-20 minutes. The form may be saved and continued later if you need more time.
​Click the button below.