What's the difference between the terms “risk”, “threat”, and “vulnerability”?
RISK
The term “risk” refers to the likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. A risk assessment is performed to determine the most important potential security breaches to address now, rather than later. One enumerates the most critical and most likely dangers, and evaluates their levels of risk relative to each other as a function of the interaction between the cost of a breach and the probability of that breach.Analyzing risk can help one determine appropriate security budgeting — for both time and money — and prioritize security policy implementations so that the most immediate challenges can be resolved the most quickly.
THREAT
The term “threat” refers to the source and means of a particular type of attack. A threat assessment is performed to determine the best approaches to securing a system against a particular threat, or class of threat. Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one’s resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker’s resources. Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation needs for securing one’s resources.
VULNERABILITY
The term “vulnerability” refers to the security flaws in a system that allow an attack to be successful. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed. Such vulnerabilities are not particular to technology — they can also apply to social factors such as individual authentication and authorization policies. Testing for vulnerabilities is useful for maintaining ongoing security, allowing the people responsible for the security of one’s resources to respond effectively to new dangers as they arise. It is also invaluable for policy and technology development, and as part of a technology selection process; selecting the right technology early on can ensure significant savings in time, money, and other business costs further down the line. Understanding the proper use of such terms is important not only to sound like you know what you’re talking about, nor even just to facilitate communication. It also helps develop and employ good policies. The specificity of technical jargon reflects the way experts have identified clear distinctions between practical realities of their fields of expertise, and can help clarify even for oneself how one should address the challenges that arise.
By.Cormac Michael
WebSite:
Facebook page :
Official E-mail
Nessun commento:
Posta un commento