What's the difference between a threat, vulnerability and a risk?

Question added by Deleted user
Date Posted: 2013/06/11
by Ahmad Yassein, Infrastructure Network Manager, Ministry of International Cooperation (MIC)

This is what I used to say to remember the difference between them:

"Close that door to avoid bees and if those bees got in, we are in the risk of being exposed to stings"

Vulnerability: Opened door

Threat: Bees

Risk: Stings

by Mohammed Obaid, Senior Security Analyst - Level 3, GoDaddy Inc

Hello,

A vulnerability is a software, hardware, procedural, or human weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. A vulnerability characterizes the absence or weakness of a safeguard that could be exploited. This vulnerability may be a service running on a server, unpatched applications or operating system software, unrestricted modem dial-in access, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations.

A threat is any potential danger to information or systems. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.

A risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an intentional or unintentional mistake that may destroy data. If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late. Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact.

by Jasir Mohammed, Assistant Vice President (AVP), Deutsche Bank

Threat: A threat is what we’re trying to protect against. A vulnerability is a weakness or gap in our protection efforts.
Asset + Threat + Vulnerability = Risk.

Threat: Any harm or damage caused to the target by an attacker (internal/external). For example: virus, worm, spyware and malware.
Vulnerability: A weakness that makes a threat possible.
Risk: When the harm/damage occurs and causes loss because of a vulnerability that makes a threat possible.
