Risks, Threats, And Vulnerabilities

1355 WordsJul 20, 20156 Pages
When it comes to risk management there are definitely differences between risks, threats and vulnerabilities. It’s also amusing that the security terms that are most commonly misused/misunderstood by businesses are risks, threats, and vulnerabilities. Before you can properly define the three terms that were previously mentioned, one must realize that the ultimate goal is to protect assets. The assets can be anything from information, people or physical property. The information could be a database, company records; software code and a lot of other intangible items. The people would include customers, employees, contractors or guests. The property could be any items that could be assigned a value and either is tangible or intangible. Proprietary information and reputation are assets that would be considered intangible. When contrasting the differences between risks, threats and vulnerabilities it’s always smart to begin with risks, because the intersection of vulnerabilities, assets and threats constitutes a risk. So basically a risk can be defined as a potential for damage, destruction or loss of an asset that is a direct result of a vulnerability that is exploited by a threat. A threat is anything that be used to exploit a vulnerability, and this can be done either intentionally or accidentally to damage, obtain or destroy an asset. Vulnerabilities are gaps or a weakness that are found in a security programs that allow attackers unauthorized access to assets when it is
Open Document