STEP 2 - Understanding Threats and Vulnerabilities
Now that we have drawn a 'Security Perimeter' around our Assets, we need to understand Risks, Threats and Vulnerabilities.
4 Key terms to learn
Asset – People, property, and information. People include employees customers, contractors and guests. Property consists of both tangible and intangible items that have a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, and critical company documents.
An asset is what we’re trying to protect.
Threat – Anything that has the potential to exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
A threat is what we’re trying to protect against.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
A vulnerability is a weakness or gap in our protection efforts.
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
Risk is the intersection of assets, threats, and vulnerabilities.
An asset is what we’re trying to protect.
Threat – Anything that has the potential to exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
A threat is what we’re trying to protect against.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
A vulnerability is a weakness or gap in our protection efforts.
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
Risk is the intersection of assets, threats, and vulnerabilities.
Most common
|
Newest Threats
|
Most Common Vulnerabilities
|