5 THREAT AND VULNERABILITY ASSESSMENT
In 2002, US Secretary of State Donald Rumsfeld said the following during a briefing:
… there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.
This is partly true of threats, but very true of vulnerabilities.
Threats, as we see in the glossary in Appendix I, are the ‘potential cause of an unwanted incident, which can result in harm to a system or organisation’. Threats are slightly different from hazards, which may still cause an unwanted incident resulting in harm to an information asset, but whereas threats are generally ...