What's the difference between a threat, vulnerability and a risk?

Question added by a deleted user
Date posted: 2013/06/11
Ahmad Yassein
by Ahmad Yassein, Infrastructure Network Manager, Ministry of International Cooperation (MIC)

This is what I used to say to remember the difference between them:

"Close that door to avoid bees and if those bees got in, we are in the risk of being exposed to stings"

Vulnerability: Opened door

Threat: Bees

Risk: Stings

Mohammed Obaid
by Mohammed Obaid, Cyber Security Manager, Nile Cyber Technology

Hello, A vulnerability is a software, hardware, procedural, or human weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment.
A vulnerability characterizes the absence or weakness of a safeguard that could be exploited.
This vulnerability may be a service running on a server, unpatched applications or operating system software, unrestricted modem dial-in access, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations.
A threat is any potential danger to information or systems.
The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual.
The entity that takes advantage of a vulnerability is referred to as a threat agent.
A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.
A risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact.
If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method.
If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an intentional or unintentional mistake that may destroy data.
If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late.
Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact.

Jasir Mohammed
by Jasir Mohammed, Assistant Vice President (AVP), Deutsche Bank

Threat: A threat is what we’re trying to protect against. A vulnerability is a weakness or gap in our protection efforts.
Asset + Threat + Vulnerability = Risk.

F F
by F F, Systems Analyst, United Nations

Threat: Any harm or damage caused to the target by an attacker (internal/external).
For example: virus, worm, spyware and malware.
Vulnerability: A weakness that makes a threat possible.
Risk: When the harm/damage occurs and causes loss because of a vulnerability that makes the threat possible.
