CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
image Security HeadLines: What's the difference between a threat, a vulnerability and a risk? image
Cyber Security
What's the difference between a threat, a vulnerability and a risk?

While this question isn't specific to convergence, it's important to understand the differences among them.

Clearly Defined:

A threat is an external security issue represented by a natural or man-made attack. For example, a lightning bolt is a natural attack, since the lightning can threaten the safety and security of a data network. Likewise, an external intruder is a man-made threat that attempts to compromise a network.


A vulnerability is a specific degree of weakness of an individual computer or network exposed to the influence of a threat. For example, if you haven't applied the latest security patch to the operating system of your Web server, then you have a vulnerability because that computer system is exposed to potential intruders.


A risk is the degree of probability that a disaster will occur in light of the existing conditions, and the degree of vulnerability or weakness present in the system. The key difference between a threat and a risk is that a threat is related to the potential occurrence of a security issue, whereas a risk is the probability of an incident occurring based on the degree of exposure to a threat. Risk, for security purposes, is usually calculated in dollars and cents.



It's important to realize that you may have a vulnerability, but without a threat, you have no risk.

Evaluating each one of these factors is critical to knowing what security exposures you have, how critical they are and what effect they will have in your environment.

This little snippet was taken completely out of context from a 3 part article by Joel Pogar.
All 3 articles wil be appearing at CCSP over the weekend on Sunday the 31st of August.

In the final part of this series, Joel A. Pogar at Siemens Information and Communication Networks Inc. offers advice on the best way to secure a VOIP environment.


CW
Posted on Friday, 29 August 2003 @ 11:00:00 UTC by phoenix22 (4461 reads)
[ Trackback ]		image

"Security HeadLines: What's the difference between a threat, a vulnerability and a risk?" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· HotScripts
· W3 Consortium
· More about Cyber Security
· News by phoenix22

Most read story about Cyber Security:
Booby Trapped software!
block bottom
Article Rating
spacer
Average Score: 5
Votes: 7


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
143ppm 0.124s (0.005s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer