Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What is more important for cyber security professionals to focus on, threats or vulnerabilities?

user-image
Question ajoutée par Karmel Hammad , Junior Civil Engineer , Khatib & Alami
Date de publication: 2017/08/30
Fredin Sebastian
par Fredin Sebastian , IT Systems Administrator , Qatar Business Management Holding Group(QBMHG)

We shoud focus on both. But should focus more on  vulnerabilities. Bacause thease are makeing theats.

gabriel tagni tchamangue
par gabriel tagni tchamangue , security guard , champion security

They should focus more on threats cause vulnerabilities can be handle at the level of the network administrator. 

tebib djillali
par tebib djillali , حارس أمن , بيات للخدمات الإطعام والفندقة

Cybersecurity has become an essential part of any national security policy. It has become known that decision makers in the United States of America, the European Union, Russia, China, India and other countries have categorized cybersecurity / cybersecurity issues as a priority in their national defense policies. In addition, more than 130 countries around the world have announced the allocation of cyber warfare divisions and scenarios within national security teams. All these efforts are added to traditional security efforts to combat cybercrime, e-fraud and other aspects of cybersecurity.

Sandip Khillare
par Sandip Khillare , Intern- Junior Software Developer , AviaBird Technology Services

In my opinoin, it is important to focus on both. Vulnerability is finding loopholes in the system and threats makes us understant that how to deal with real time problem or attack in the sytem. So vulnerability is more important to find loopholes in the system and fix them to secure the network. 

MOSES AMADI
par MOSES AMADI , MASTER SERGEANT , KENYA AIR FORCE

Focus must be on both because they affect our systems and they are both imminent.However,vulnerabilities should be prioritized because this where the ball is.Focusing on threats may at times take us on a wild goose chase and wastage of resourses and time.But,it imperative to give it some reasonable consideration without ignoring it in totallity. 

James Nueske
par James Nueske , CTO

The question contains an 'or', not an 'and'.  I'll pick vulnerabilities, as by definition, they are the known areas of weakness in your system.  Address those weaknesses,  and then you can begin to address the threats.  Threats need a weakness to exploit in order to become a breach. 

Adedotun Adeyemi
par Adedotun Adeyemi , INSTRUMENT & CONTROL ENGINEER , EXXONMOBIL

Both are important. In fact, a comprehensive identification of threats should drive the definition of a company's cyber security vulnerabilities. So specialists should focus on vulnerabilities because if those are addressed, then the threats are automatically taken care of.

Anwar  changarath
par Anwar changarath , IT Security Engineer , SKM Air conditioning LLC

am focusing on more in Threats, becuse threats only have assumption. in case vulnerabilty that we can easy findout using tools or checking the developement of the application etc..

Most threats are coming to the network form inside the organisation, it colud be unware usage of internet or using device which is not have proper updation.

From my experince most of incindents happens through email which is using naive users.

Naveed ulHassan Qamar
par Naveed ulHassan Qamar , Manager , SI CONSULT

As Cyber Security professional we should focus on both areas but if we choose one of them then vulnerabilities, we will receive the threats if the system is vulnerable.

Damilola Adegoke
par Damilola Adegoke , Honeywell Superfine Food

cybercrime professional should focus more on the vulnerability of their systems and network to make it formidable for attacks

David L
par David L , COO , FYBV

I've addressed this in detail in my article:

Threat Smart I: Cyber Risk Management Done Right

 

Security begins with people, not systems. So the question itself is kind of misleading.

 

Whatever their roles, hire trainable consummate professionals who are threat smart, highly click-averse (suspicious) and committed to maintaining top notch   security hygiene and data privacy. Leadership must be equally committed, submit to regular training like everybody else, and model good security hygiene. Training, testing, drills and games should include Social EngineeringPhishingRansomwareBEC (Business Email Compromise), Business Process Compromise and how Targeted (Cyber) Attacks are waged. Regular Social Media security and related home and mobile security risk training, also a must.

 

Words like threats and vulnerabilities are fast becoming clichés that can lure one into a false sense of security. If you have the human element right (as above), you're well on your way to building a threat smart culture. And yet all it takes is ONE weak link.

More Questions Like This