What is Risk, Threat and Vulnerability? Relationship between Risk, Threat & vulnerability
In this module, we will learn about the most commonly mixed-up security terms which are Risk, threat, and vulnerability.
What is a threat?
Threat is a person or thing likely to cause damage or danger. A threat is what we’re trying to protect against which could be fire, earthquake, oil spillage, bomb, terrorist, hacker, etc.
If any employee Using Social Media in the office and sharing confidential information an Outdated Anti-Virus is installed in your system making it vulnerable to attack.
Risk is The potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability. It is an event that could result in the compromise of organizational assets for profit or personal.
Relationship between Risk, Threat & vulnerability explained?
Now lets understand the relationship between Risk, threat and vulnerability.Threats may exist, but if there are no vulnerabilities then there is no risk.Similarly, you can have vulnerability, but if you have no threat, then you have no risk.Risk is the product of vulnerability.
Threat. R = VT
Taking earlier examples – Employee is a threat, access to social media in the office is vulnerability, and sharing confidential information is RISK to the organization. The virus is a threat, Outdated anti-virus installed in the system is vulnerable and Loss of Data is a risk
An unauthorized person tries to access an organization in the absence of a security guard and that person is a threat, Absence of a Security guard and access control is Vulnerability and there is a RISK of theft. Threat exploits Vulnerability which leads to RISK and can damage assets of the organization and it can be safeguarded by adopting suitable countermeasures. This is also called as Risk life Cycle, In this blog, we briefly understood Risk, Threat, and Vulnerability.
Very well explained in very simple words.
ReplyDelete