A threat is what we’re trying to protect against.Our enemy could be Earthquake, Fire, Hackers, Malware, System
Failure, Criminals and
many other unknown forces.
What is Vulnerability?
Vulnerability is a weakness or gap in our
protection efforts. Vulnerability
can be in form of weak coding, missing anti-virus, weak access control and
other related factors.
What is a Risk?
Risk= Vulnerability * Threat
Risk is the product of vulnerability and threat. That is, we get a risk
when our systems have a vulnerability that a given threat can attack. Thus, threats
may exist, but if there are no vulnerabilities then there is no risk.
Similarly, you can have vulnerability, but if you have no threat, then you have
no risk.
There should
be presence of both the elements (i.e. V*T) to constitute a risk.
Now, let us
attempt below exercise to understand the terms more precisely:
(i)
“Door is open. Please close it to avoid thieves .If they gets in, we will be robbed”
Identify
Threat/Vulnerability/Risk from above statement.
Threat:
Vulnerability:
Risk:
(ii)
“If antiviruses are not updated regularly, then new type of virus can destroy
our data”
Identify
Threat/Vulnerability/Risk from above statement.
Threat:
Vulnerability:
Risk:
Please
provide your answers in comment box. In
case of any queries, please do write.
(i) Threat
ReplyDelete(ii) Risk
(1) Threat: Robbery
ReplyDeleteVulnerability: Door is kept open
Risk: We will be robbed if door is not locked
(2) Threat: Malware
Vulnerability: Update anti-virus regularly
Risk: Data Destruction
Perfect.
Delete