Vulnerability, Threat and Risk

Part of a security team's duties is to check its systems and figure out how someone might try to break in. The team looks for weak spots, possible dangers and things that could go wrong.

In this post I'll explain the difference between vulnerability, threat and risk.

  • Vulnerability is a weakness, or to put it simply, a flaw in a system that could be exploited to breach security. No system is completely secure, and zero-day exploits (exploits for a vulnerability before it is patched) do happen, but we can at least try to protect our systems by applying the latest patches to firmware and software and by properly configuring the system and hardware.
  • Threat is the possibility of someone or something exploiting a weakness to breach security, whether intentionally or unintentionally. The individual or thing responsible for a threat is known as a threat actor or threat agent. An attack vector is the pathway or method used by threat actors to breach a network.
  • Risk is the chance of a weakness being used to break into a system. We need to assess these risks for the vulnerabilities we find. Then we can figure out how likely it is for a bad actor to exploit them and what damage that could cause.

For basic risk assessments, we can use a simple formula:

Risk = (Threat x Vulnerability) x Impact
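
The formula applied to a small risk register, as an added example that is not part of the original post. The 1-5 rating scale, the findings and their ratings are assumptions constructed for illustration; the example also re-scores one finding after patching to show how the ranking changes.

```python
from dataclasses import dataclass, replace

SCALE = range(1, 6)  # assumed rating scale, 1 (low) to 5 (high); the post defines none


@dataclass(frozen=True)
class Finding:
    name: str
    threat: int         # how likely a threat actor is to attempt it
    vulnerability: int  # how exploitable the weakness currently is
    impact: int         # damage if exploitation succeeds

    def __post_init__(self):
        # Reject ratings outside the assumed scale so scores stay comparable.
        for field in ("threat", "vulnerability", "impact"):
            if getattr(self, field) not in SCALE:
                raise ValueError(f"{self.name}: {field} must be 1-5")

    @property
    def risk(self) -> int:
        # Risk = (Threat x Vulnerability) x Impact, as in the post
        return (self.threat * self.vulnerability) * self.impact


def rank(findings):
    """Return findings ordered from highest to lowest risk score."""
    return sorted(findings, key=lambda f: f.risk, reverse=True)


def after_mitigation(finding, vulnerability):
    """Re-score a finding once patching or configuration lowers its vulnerability rating."""
    return replace(finding, vulnerability=vulnerability)


# Constructed sample register (illustrative values only).
REGISTER = [
    Finding("Unpatched VPN appliance firmware", threat=5, vulnerability=4, impact=5),
    Finding("Default admin password on lab printer", threat=2, vulnerability=5, impact=2),
    Finding("Misconfigured backup share permissions", threat=3, vulnerability=3, impact=4),
]

if __name__ == "__main__":
    for f in rank(REGISTER):
        print(f"{f.risk:>3}  {f.name}")
    patched = after_mitigation(REGISTER[0], vulnerability=1)
    print(f"{patched.risk:>3}  {patched.name} (after patching)")
```

Patching lowers only the vulnerability rating, so the threat and impact ratings still keep the residual score above zero.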