Cybersecurity Program Development for Business

by Chris Moschovitis
May 2018
Content level: Beginner to intermediate
224 pages
6h 26m
English
Wiley
Audiobook available
Content preview from Cybersecurity Program Development for Business

CHAPTER 7 Threats

Before we start, we need to briefly review a few key concepts: threat, attack, vector, and payload.

  • Threat refers to the potential of an agent to cause adverse effects on an asset.
  • Attack is the realization of a threat.
  • Vector is the pathway that a threat takes to compromise an asset.
  • Payload is the actual way that the compromise is effected.

And, as per the wise people at NIST: The threat source (agent) initiates the threat event (attack); the threat event (attack) exploits one or more vulnerabilities that cause adverse impact (you got hacked!); the end result produces organizational risk. And migraines. Painful, splitting migraines.

As we discussed, a cyberthreat has three core attributes: the kind of threat agent, the probability of occurrence, and, of course, its impact. During our threat assessment, our goal is to determine all three attributes on a per‐asset basis. To do this, we'll need to know what the assets are (which we have already accomplished), what their value is to us (our definition of impact), who the threat agents might be (the bad people out to get you), their motives, and any pertinent threat intelligence and historical data out there.

Regarding the part about people out to get you: As you recall, anything that is of value to you is of value to someone else. If it is your personal data that is of value, then yes, in that sense they are after “you.” Your digital “you.” If it is corporate data that is of higher value, then they're after ...


ISBN: 9781119429517