O'Reilly logo

Information Security and IT Risk Management by Eric Pierce, Alex Campoe, Manish Agrawal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 6 Threats and Vulnerabilities

Overview

After the initial chapters that provided an overview of the risk landscape, in Chapter 4, we took an initial look at the components of the information security landscape – assets, threats, vulnerabilities, and controls. We then began a deeper look at these components. In Chapter 5, we looked at assets, including asset types, their classifications, and characterizations.

In this chapter, we will take a close look at threats. At the end of this chapter, you should have a clear understanding of the different aspects of threats including:

  • Threat models, integrating the components of a threat
  • The forces that could act upon an asset (agents)
  • The methods by which these agents could affect an asset (actions)
  • Vulnerabilities and their relevance to threats

Introduction

We have defined threats as the capabilities, intentions, and attack methods of adversaries to exploit or cause harm to assets. This is consistent with the NIST 800-30 definition of a threat as “any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure or modification of information, and/or denial of service.”1 Once the organization has identified and characterized its assets, the next step in the analysis of its information security requirements is an analysis of the threats faced by the organization. We saw ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required