CHAPTER 9: THREATS AND VULNERABILITIES
The second step in the asset-based risk assessment process is to identify the threats to the identified assets. The third step is to identify the vulnerabilities those threats might exploit. Threats and vulnerabilities go together and, for that reason, we are addressing them together in this chapter.
The difference between ‘threats’ and ‘vulnerabilities’ is not always immediately clear to people new to the subject and, as a risk assessment process is implemented within an organisation, it will not be immediately clear to everyone involved in it. It is very important to always differentiate clearly between these two attributes of a risk, because the existence of the risk itself is dependent on the coexistence ...
Get Information Security Risk Management for ISO 27001/ISO 27002, third edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
