Stepping Through Cybersecurity Risk Management

by Jennifer L. Bayuk
March 2024
Content level: Beginner
336 pages
10h 10m
English
Wiley
Content preview from Stepping Through Cybersecurity Risk Management

2 Threats

The National Institute of Standards and Technology defines a threat as:

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service (NIST 2012).

The systemigram in Figure 2.1 narrows this definition to cyber threats. The mainstay declares that threats embolden adversaries who exploit vulnerabilities which expose assets that enable adversary objectives. That is the basic idea behind a cyber threat. The threat itself is a circumstance or event that the adversary believes will enable objectives to be achieved.

2.1 Threat Actors

The most important thing to know about cybersecurity threats is that the actors who enact them may be dangerous adversaries. The second most important thing to know is that there is an interaction between an adversary and its target whether or not the target chooses to actively participate. A corollary is that if the target is not actively combatting the adversary, then the adversary has an advantage. In “The Art of War,” Sun Tzu brought transparency to this situation by saying:

If you know the enemy and you know yourself

   you need not fear the result of 100 battles.

If you know yourself but not the enemy

   for every victory gained you will also suffer ...


ISBN: 9781394213955