4: UNDERSTANDING THREAT AND ITS RELATION TO VULNERABILITIES

INTRODUCTION

Threats, along with assets, vulnerabilities, and safeguards, are the essential elements of risk management in an information system. Threat represents one of the four major elements of the risk assessment process. Understanding and considering the full spectrum of both human and environmental threat is pivotal to effectively implementing and managing a cost-effective security program for information resources. Too often, analysts employ simplistic anecdotal threat concepts or merely use broad, ill-defined labels such as “hackers” to define the threat environment. Either approach will negatively impact the effectiveness of a security program.

The anecdotal method for assessing ...
