O'Reilly logo

Risk Assessment for Asset Owners by Steve Watkins, Alan Calder

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 7: THREATS AND VULNERABILITIES

Information security threats and vulnerabilities go together.

The difference between ‘threats’ and ‘vulnerabilities’ is not always immediately clear to people new to the subject. It is very important to differentiate clearly between these two attributes of a risk because the existence of the risk itself is dependent on the coexistence of a threat and a vulnerability.

The simple difference is this:

vulnerabilities are flaws or weaknesses in an asset, whereas

threats can accidentally trigger or intentionally exploit a vulnerability to compromise some aspect of the asset.

There are very many threats that have absolutely no relevance to many organizations. A simplistic example would be an organization ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required