With any new technology topic, terminology, semantics, and the use of terms within the context of the technology topic can be confusing, misused, and misrepresented. Risk itself encompasses the following three major areas: risks, threats, and vulnerabilities.
Risk is the probability or likelihood of the occurrence or realization of a threat. There are three basic elements of risk from an IT infrastructure perspective:
Asset— An IT infrastructure component or an item of value to an organization, such as data assets.
Threat— Any circumstance that could potentially cause loss or damage to an IT infrastructure asset.
Vulnerability— A weakness in the IT infrastructure or IT components that may be exploited in order for a threat to ...