{"id":25,"date":"2024-03-10T22:36:34","date_gmt":"2024-03-10T22:36:34","guid":{"rendered":"https:\/\/alenkrga.com\/blog\/?p=25"},"modified":"2024-05-26T09:02:48","modified_gmt":"2024-05-26T09:02:48","slug":"vulnerability-threat-and-risk","status":"publish","type":"post","link":"https:\/\/alenkrga.com\/blog\/2024\/03\/10\/vulnerability-threat-and-risk\/","title":{"rendered":"Vulnerability, Threat and Risk"},"content":{"rendered":"\n<p>Part of a security team&#8217;s duties is to check their systems and figure out how someone might try to break in. They would look for weak spots, possible dangers and things that could go wrong.<\/p>\n\n\n\n<p>In this post I&#8217;ll explain the difference between vulnerability, threat and risk.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Vulnerability<\/strong> is a weakness, or to put it simply, a flaw in a system that could be exploited to breach security. There&#8217;s no such thing as a completely secure system, and we often see zero-day exploits <sup>(a vulnerability before it&#8217;s patched)<\/sup>, but we can at least try to protect our systems by applying the latest patches to firmware and software, as well as properly configuring the system and hardware.<br><\/li>\n\n\n\n<li><strong>Threat<\/strong> is the possibility of someone or something exploiting a weakness to breach security, whether intentionally or unintentionally. The individual or thing responsible for a threat is known as a threat actor or threat agent. An attack vector is the pathway or method used by threat actors to breach a network.<br><\/li>\n\n\n\n<li><strong>Risk<\/strong> is the chance that a weakness will be used to break into a system. We need to assess the risks posed by the vulnerabilities we find. 
Then, we can figure out how likely it is for a bad actor to exploit them and what damage that could cause.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-text-align-center\">For basic risk assessments, we can use a simple formula:<br><\/p>\n\n\n<div class=\"wp-block-image is-style-default wp-duotone-cf2e2e-abb8c3-1\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"348\" height=\"160\" src=\"https:\/\/alenkrga.com\/blog\/wp-content\/uploads\/2024\/03\/threat-risk-vulnerability.png\" alt=\"\" class=\"wp-image-26\" srcset=\"https:\/\/alenkrga.com\/blog\/wp-content\/uploads\/2024\/03\/threat-risk-vulnerability.png 348w, https:\/\/alenkrga.com\/blog\/wp-content\/uploads\/2024\/03\/threat-risk-vulnerability-300x138.png 300w\" sizes=\"(max-width: 348px) 100vw, 348px\" \/><figcaption class=\"wp-element-caption\"><strong>Risk = (Threat x Vulnerability) x Impact<\/strong><\/figcaption><\/figure>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Part of a security team&#8217;s duties is to check their systems and figure out how someone might try to break in. 
They would&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/alenkrga.com\/blog\/2024\/03\/10\/vulnerability-threat-and-risk\/\">Continue reading<span class=\"screen-reader-text\">Vulnerability, Threat and Risk<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[10,13,11,12],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity","tag-it-security","tag-risk-assessment","tag-threat-analysis","entry"],"_links":{"self":[{"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":1,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"predecessor-version":[{"id":27,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions\/27"}],"wp:attachment":[{"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alenkrga.com\/blog\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}