Threats and vulnerabilities to application systems
As a security professional, one must s on the following while considering security for applications:
- Asset: An asset is basically a resource. It may be a computer, operating system, database management system and so on.
- Threat: This is an event that could compromise an asset by exploiting the weaknesses or vulnerabilities in the asset.
- Threat agent: A threat cannot manifest on its own. It needs an agent to exploit vulnerabilities. For example, hacking is a threat. Not having suitable patch management control or monitoring control is a vulnerability. Hacking is done by a hacker. Hence, a malicious hacker is a threat agent for unethical hacking.
- Vulnerability: This is a weakness in the system that a ...