Understanding and Managing Vulnerabilities

A vulnerability can be a weakness in an asset or the environment. A weakness can also be considered a flaw in any system or business process.

A vulnerability may lead to a risk, although by itself it does not become a loss. The loss occurs when a threat exploits the vulnerability; this combination is referred to as a threat/vulnerability pair.

FIGURE 2-1 shows the flow of a threat to a loss. Mitigation techniques can be used to reduce the vulnerability, the loss, or both.

FIGURE 2-1 The flow of threat/vulnerability pairs.

This section presents the following topics:

  • Threat/vulnerability pairs
  • Mitigating ...
