Dictionary / Knowledge Item Item: Distinguish Risk, Threat, Vulnerability
Generated on 2014/06/19 at 04:57:59 AM
Dictionary / Knowledge Item Item: Distinguish Risk, Threat, Vulnerability
| Acronym or Abbreviation | ||||||||||
| Alias or Synonym | ||||||||||
| Key Words | ||||||||||
| Description (HTML) | An asset is what we’re trying to protect. A threat is what we’re trying to protect against. A vulnerability is a weakness or gap in our protection efforts. Risk is the intersection of assets, threats, and vulnerabilities. Why is it important to understand the difference between these terms? If you don’t understand the difference, you’ll never understand the true risk to assets. You see, when conducting a risk assessment, the formula used to determine risk is…. A + T + V = R
Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk. Accurately assessing threats and identifying vulnerabilities is critical to understanding the risk to assets. Understanding the difference between threats, vulnerabilities, and risk is the first step. |
|||||||||
| Source Description | Threat Analysis Group, LLC | |||||||||
| Source URL | http://www.threatanalysis.com/blog/?p=43 | |||||||||
| Document | No document attached... | |||||||||
| Item Quality Status (Item Quality Status) | Acceptable | |||||||||
| Updated by | webea.09 | |||||||||
| Updated on | 2014-04-15 21:54:32 | |||||||||
is referenced by |
|
Process
Risk