Chapter 1. Security threats and risk
Threats are illogical. — Sarek.
“Journey to Babel,” Star Trek, Stardate 3842.3
1.1. Introduction to security risk or tales of the psychotic squirrel and the sociable shark
Ask a hundred people to state the difference between threat and risk and you will likely get a very diverse set of answers. I often ask this question when interviewing candidates for a security-related job. Even those who assess risk for a living are often stumped when asked for a working definition of these two terms. To complicate matters, colloquialisms abound, including “managing risk,” “risk relevance,” “concentration of risk,” “risk free,” and “risk averse.” Each implies something tangible if not downright quantifiable.
Many of us rely ...
